Maidsafe.net

ABSTRACT

This invention is a network that is defined by its novel approach to privacy, security and freedom for its users. Privacy by allowing access anonymously, security by encrypting and obfuscating resources and freedom by allowing users to anonymously and irrefutably be seen as genuine individuals on the network and to communicate with other users with total security and to securely access resources that are both their own and those that are shared by others with them. Further, this invention comprises a system of self healing data, secure messaging and a voting system to allow users to dictate the direction of development of the network, whereby adoption or denial of proposed add-ons to the network will be decided. System incompatibilities and security breaches on networks and the Internet are addressed by this invention where disparity and tangents of development have had an undue influence. The functional mechanisms that this invention provides will restore open communications and worry-free access in a manner that is very difficult to infect with viruses or cripple through denial of service attacks and spam messaging, plus, it will provide a foundation where vendor lock-in need not be an issue.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of International Application PCT/GB2007/004421 with an International Filing Date of Nov. 21, 2007, and claiming priority to co-pending Great Britain Patent Application No. 0624053.5 filed on Dec. 1, 2006 and co-pending Great Britain Patent Application No. 0709759.5 filed May 22, 2007, all of which are relied on and incorporated herein by reference.

STATEMENT OF INVENTION

An issue with today's networks is a combination of vendor lock-in, imposed vendor-based controls and lack of standards. The present invention allows users to take charge of a new global network in a manner that will maintain effectiveness and promote the setting and attaining of common goals.

Another issue with today's networks is the security and privacy of data. This invention allows a secure, private and free network where users can enjoy an efficiently managed working environment that presents a guaranteed level of private and securely protected activity.

Also today, many computer resources are underutilised to a great degree, including disk space, memory, processing power and any other attached resources; this is inefficient and environmentally detrimental. The present invention seeks to maximise these resources and share them globally with people who purchase them or with people or organisations who are deemed appropriate to benefit from them, such as children in poorer countries, science labs etc. Allocation from these resource pools, together with other resources, will be decided by the users of the system.

BACKGROUND

Digital data is often stored on the hard disks of individual PCs which invariably have memory and operational overhead restrictions. Storage on distributed systems such as the internet is also possible but requires specific storage servers to be available. In addition to these physical systems, data management elements such as security, repair, encryption, authentication, anonymity and mapping etc. are required to ensure successful data transactions and management via the Internet. Systems of messaging and voting exist today but do not allow either authentication of what was voted for or on-line anonymity. There have been some attempts as listed below, but none of these systems operate as maidsafe.net does.

Listed below is some prior art for these individual elements, which we have analysed and rejected as true prior art; where necessary we indicate why it is not prior art for our invention:

Most perpetual data generation is allocated with time & calendar etc. (US62669563, JP2001100633). This is not related to this current invention as we have no relation to calendaring, which demonstrates perpetual generation of time-related data. However, external devices as communication terminals (JP2005057392) (this is a hardware device not related to this present invention) have been used for plurality of packet switching to allow perpetual hand-off of roaming data between networks, and a battery pack (EP0944232) has been used so that around-the-clock accessibility of customer premises equipment interconnected to a broadband network is enhanced by perpetual mode operation of a broadband network interface. In addition, perpetual data storage and retrieval in a reliable manner in peer to peer or distributed network. The only link here is that these devices are connected to Internet connections but otherwise present no prior art.

Patents WO9637837, TW223167B, U.S. Pat. No. 6,760,756 and U.S. Pat. No. 7,099,898 describe methods of data replication and retention of data during failure.

Patent WO200505060625 discloses a method of secure interconnection when failure occurs.

Authentication servers are for user and data transaction authentication, e.g. JP2005311545 which describes a system wherein the application of ‘a digital seal’ to electronic documents conforms to the Electronic Signature Act. This is similar to the case of signing paper documents but uses the application of an electronic signature through an electronic seal authentication system. The system includes: client computers, to each of which a graphics tablet is connected; an electronic seal authentication server and a PKI authentication server, plus the electronic seal authentication server. US2004254894 discloses an automated system for the confirmed efficient authentication of an anonymous subscriber's profile data in this case.

JP2005339247 describes a server-based one-time ID system and uses a portable terminal. US2006136317 discloses bank drop-down boxes and suggests stronger protection by not transmitting any passwords or IDs. Patent US2006126848 discloses a server-centric system and deals with a one-time password or authentication phrase and is not for use on a distributed network. Patent US2002194484 discloses a distributed network where all chunks are not individually verified and where the manifest is only re-computed after updates to files and hashes are applied and are for validation only.

This is mostly used in biometrics (WO2006069158). A system for generating a patch file from an old version of data which consists of a series of elements and a new version of data which also consists of a series of elements (US2006136514). Authentication servers (therefore not a distributed networking principle as per this invention) are commonly used (JP2006107316, US2005273603, EP1548979).

However, server and client exchange of valid certificates can be used (US2004255037). Instead of a server, use of an information exchange system (semantic information) by participants for authentication can be used (JP2004355358); again this semantic information is stored and referenced, unlike this present invention.

Concepts of identity-based cryptography and threshold secret sharing provide for distributed key management and authentication. Without any assumption of a pre-fixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management service, which effectively solves the problem of single point of failure in the traditional public key infrastructure (PKI)-supported system (US2006023887). Authenticating involves encryption keys for validation (WO2005055162); these are validated against known users, unlike the present invention. Also, for authentication external housings are used (WO2005034009). All of these systems require a list or (whether distributed or not) record of authorised users and pass phrases or certificates and therefore do not represent prior art.

Ranking and hashing for authentication can be implemented step-by-step, with empirical authentication of devices upon digital authentication among a plurality of devices. Each of a plurality of authentication devices can unidirectionally generate a hash value of a low experience rank from a hash value of a high experience rank, and receive a set of high experience rank and hash value in accordance with an experience. In this way, the authentication devices authenticate each other's experience ranks (US2004019788). This is a system of hashing access against known identities and providing a mechanism of effort-based access. This present invention does not rely on or use such mechanisms.

This is another method for authentication (JP2001308845). A self-verifying certificate for computer systems uses private and public keys, with no chunking, but for trusted hardware subsystems (US2002080973); this is a mechanism of self-signing certificates for authentication, again useful for effort-based computing but not used in this present invention. Other authentication modes are: a device for exchanging packets of information (JP2001186186), open key certificate management data (JP10285156), and certification for authentication (WO96139210). Authentication for a peer to peer system is demonstrated by digital rights management (US2003120928). Digital rights management and CSC (part of that patent as a DRM container) issues are based on the ability to use rather than gaining access to a network or resources and are therefore not prior art.

Known self-healing techniques are divided broadly into two classes. One is a centralized control system that provides overall rerouting control from the central location of a network. In this approach, the rerouting algorithm and the establishing of alarm collection times become increasingly complex as the number of failed channels increases, and a substantial amount of time will be taken to collect alarm signals and to transfer rerouting information should a large number of channels of a multiplexed transmission system fail. The other is a distributed approach in which the rerouting functions are provided by distributed points of the network. The following papers on the distributed rerouting approach have been published. (These are all related to self healing but from a network pathway perspective and therefore are not prior art for this invention, which deals with data or data chunk self healing mechanisms.)

Document 1: W. D. Grover, “The Selfhealing Network”, Proceedings of Globecom '87, November 1987.

Document 2: H. C. Yang and S. Hasegawa, “Fitness: Failure Immunization Technology For Network Service Survivability”, Proceedings of Globecom '88, December 1988.

Document 3: H. R. Amirazizi, “Controlling Synchronous Networks With Digital Cross-Connect Systems”, Proceedings of Globecom '88, December 1988.

Document 1 is concerned with a restoration technique for failures in a single transmission system, and Document 2 relates to a “multiple-wave” approach in which route-finding packets are broadcast in multiple-wave fashion in search of a maximum bandwidth until alternate routes having the necessary bandwidth are established. One shortcoming of this multiple-wave approach is that it takes a long recovery time. Document 3 also relates to fault recovery for single transmission systems and has a disadvantage in that route-finding packets tend to form a loop and hence a delay is likely to be encountered.

This is demonstrated by a system and method of secure and tamperproof remote files over a distributed system, which redirects data failing an integrity check to an install module for repairing (WO20566133). This disclosure relies on testing data from a central location and not distributed chunking as with the present invention. It also does not allow for multiple access and sharing of the testing and ownership of chunks. Servers are used for self-healing (US2004177156), effectively removing these from a prior art claim. Self-repairing is conducted by a data overlay built as a data structure on top of a logical space defined by a distributed hash table (DHT) in a peer-to-peer (P2P) network environment (US2005187946). This Microsoft patent is a patent to DHT networks, which is peculiar as these exist in some quantity and have done for many years; however there is no claim made to self-repair data as in this present invention, but to self-repair data storage locations (i.e. in p2p terms, find the nearest node). This is not self healing data but merely a description of a typical DHT and the availability of routes to data and providing multiple routes. This is not prior art for this present invention and is very likely not enforceable, as there are many cases of prior art against this Microsoft patent.

Identical communicating node elements are used for a power delivery network for self-repairing (US2005043858). Self-healing also relates to distributed data systems and, in particular, to providing high availability during performance of a cluster topology self-healing process within a distributed data system cluster. A cluster topology self-healing process may be performed in response to a node failure in order to replicate a data set stored on a failed node from a first node storing another copy of the data set to a second non-failed node (US2004066741). An apparatus and method for self-healing of software may rely on a distribution object in a directory service of a network to provide data for controlling distribution of software and installation of files associated therewith (U.S. Pat. No. 6,023,586). A technique for the substantially instantaneous self-healing of digital communications networks: digital data streams from each of N nearby sources are combined and encoded to produce N+M coded data streams using a coding algorithm. The N+M coded data streams are then each transmitted over a separate long haul communications link to a decoder where any N of the N+M coded data streams can be decoded uniquely to produce the original N data streams (EP0420648). To provide a self-healing communications network which can be recovered from a failure in a short period of time even if the failure has occurred in a multiplexed transmission line (U.S. Pat. No. 5,235,599). The above patents and inventions are based on clustering technology and not distributed computing or Internet based computing. The cluster is simply many machines connected to create a larger machine. It is treated as a single machine with known user access etc. and is not prior art to this present invention. The N+M coding schemes discussed are patents based on digital communications and reception links and are not related to this present invention, although at first glance they appear to have the same language in areas.

Attempts at moving towards attaining some limited aspects of self-encryption are demonstrated by:

(a) The US2003053053625 disclosure shows the limitation of asymmetrical and symmetrical encryption algorithms, and particularly not requiring the generation of a key stream from symmetric keys, nor requiring any time synchronising, with minimal computational complexity and capable of operating at high speed. A serial data stream to be securely transmitted is first demultiplexed into a plurality N of encryptor input data streams. The input data slices are created which have a cascade of stages, including mapping & delay functions to generate output slices. These are transmitted through a transmission channel. The decryptor applies the inverse steps of the cascade of stages, equalizing delay function and mapping to generate output data slices. The output data streams are multiplexed. The encryptor and decryptor require no synchronizing or timing and operate in simple stream fashion. N:N mapping does not require expensive arithmetic and is implemented in table lookup. This provides robust security and efficiency. A significant difference between this approach and prior cipher methods is that the session key is used to derive processing parameters (tables and delays) of the encryptor and decryptor in advance of data transmission, instead of being used to generate a key stream at real-time rates. An algorithm for generating parameters from a session key is disclosed. This patent is based on data communications, encrypting data in transit automatically and decrypting automatically at the remote end; this is not related to this present invention.

(b) The US2002184485 disclosure addresses secure communication by encryption of messages (SSDO, self-signing document objects), such that only a known recipient in possession of a secret key can read the message, and verification of messages, such that the text and origin of a message can be verified. Both capabilities are built into a message that can be transmitted over the internet and decrypted or verified by a computer implementing a document representation language that supports dynamic content, e.g. any standard web browser, such that elaborate procedures to ensure transmitting and receiving computers have the same software are no longer necessary. An encrypted message, or one encoded for verification, can carry within itself all information needed to specify the algorithm needed for decryption. This is a patent describing key pair encryption and validation of the same software. This is not used by the present invention, where key pairs are used for asymmetric encryption of some data, but this is used with the RSA (now out of patent) encryption ciphers and not in the manner described above, which is more for validation.

A range of limited methods for self-encryption have been developed, e.g. a system for randomisation-encryption of a digital data sequence with freely selectable (EP1182777) (this is a key generating patent and not self encryption as this current invention shows), use of code key calculation encryption mode but using a server (CN 1658553), uses self-test mode (U.S. Pat. No. 6,028,527), encryption system for randomising a data signal for transmission (not storing) and reproducing information at a receiver (U.S. Pat. No. 4,760,598), uses private encryption keys split into components and sends them to trusted agents (rather than self encryption as per this present invention) (JP2005328574), cryptographic system with key escrow feature, rather than self encryption as described in this present invention (U.S. Pat. No. 6,009,177), steps of first encoding one set of message signals with a first keyed transformation (U.S. Pat. No. 6,385,316), self-modifying fail-safe password system (U.S. Pat. No. 6,370,649), time-based encrypting method involving splitting a voice signal into time intervals, random permutations etc. (RU2120700), uses a hardware decryption module (HDM) (US2003046568), realizing data security storage and algorithm storage by means of a semiconductor memory device (US2006149972), use of a certificate from a certificate server (US20020428080), use of certificates for encryption of communications (EP1422865), use of a self-service terminal for encryption and transmission of data (US2006020788), method for implementing secure communication by encryption algorithm (US2005047597), method of data encryption with block encryption variable length (BEVL) encoding, which overcomes a weakness of the CMEA algorithm (US2004190712), encrypted cipher code for secure data transmission (CN 1627681), method and system for encrypting streamed data employing fast set-up single use key and self-synchronising (US2005232424) and, for security, generating a MAC for data integrity, placing an electronic signature, using the TREM software module (US2004199768).

None of the above systems utilise self encryption as per the present invention; they are related to voice and data transmissions, or include hardware controllers or servers.

U.S. Pat. No. 6,859,812 discloses a system and method for differentiating private and shared files, where clustered computers share a common storage resource, Network-Attached Storage (NAS) and Storage Area Network (SAN), and is therefore not distributed as in this present invention. U.S. Pat. No. 5,313,646 has a system which provides a copy-on-write feature which protects the integrity of the shared files by automatically copying a shared file into a user's private layer when the user attempts to modify a shared file in a back layer; this is a different technology again and relies on user knowledge, so it is not anonymous. WO02095545 discloses a system using a server for private file sharing which is not anonymous.

A computer system having plural nodes interconnected by a common broadcast bus is disclosed by U.S. Pat. No. 5,117,350. U.S. Pat. No. 5,423,034 shows how each file and level in the directory structure has network access privileges. The file directory structure generator and retrieval tool have a document locator module that maps the directory structure of the files stored in the memory to a real world hierarchical file structure of files. These are therefore not distributed across public networks, anonymous or self encrypting; the present invention does not use broadcasting in this manner.

Today systems secure transactions through encryption technologies such as Secure Sockets Layer (SSL), Digital Certificates, and Public Key Encryption technologies. The systems today address hackers through technologies such as Firewalls and Intrusion Detection systems. The merchant certification programs are designed to ensure the merchant has adequate inbuilt security to reasonably assure the consumer their transaction will be secure. These systems also ensure that the vendor will not incur a charge back by attempting to verify the consumer through secondary validation systems such as password protection and eventually, Smart Card technology.

Network firewalls are typically based on packet filtering which is limited in principle, since the rules that judge which packets to accept or reject are based on subjective decisions. Even VPNs (Virtual Private Networks) and other forms of data encryption, including digital signatures, are not really safe because the information can be stolen before the encryption process, as default programs are allowed to do whatever they like to other programs or to their data files or to critical files of the operating system. This is done by (CA247150) automatically creating an unlimited number of Virtual Environments (VEs) with virtual sharing of resources, so that the programs in each VE think that they are alone on the computer. The present invention takes a totally different approach to security and obviates the requirement of much of the above, particularly CA2471505. U.S. Pat. No. 6,185,316 discloses security via fingerprint imaging, testing bits of code using close false images to deter fraudulent copying; this is different from the present invention in that we store no images at all and certainly not in a database.

There are currently several types of centralised file storage systems that are used in business environments. One such system is a server-tethered storage system that communicates with the end users over a local area network, or LAN. The end users send requests for the storage and retrieval of files over the LAN to a file server, which responds by controlling the storage and/or retrieval operations to provide or store the requested files. While such a system works well for smaller networks, there is a potential bottleneck at the interface between the LAN and the file storage system.

Another type of centralised storage system is a storage area network, which is a shared, dedicated high-speed network for connecting storage resources to the servers. While the storage area networks are generally more flexible and scalable in terms of providing end user connectivity to different server-storage environments, the systems are also more complex. The systems require hardware, such as gateways, routers, switches, and are thus costly in terms of hardware and associated software acquisition.

Yet another type of storage system is a network attached storage system in which one or more special-purpose servers handle file storage over the LAN.

Another file storage system utilizes distributed storage resources resident on various nodes, or computers, operating on the system, rather than a dedicated centralised storage system. These are distributed systems, with the clients communicating peer-to-peer to determine which storage resources to allocate to particular files, directories and so forth. These systems are organized as global file stores that are physically distributed over the computers on the system. A global file store is a monolithic file system that is indexed over the system as, for example, a hierarchical directory. The nodes in the systems use Byzantine agreements to manage file replications, which are used to promote file availability and/or reliability. The Byzantine agreements require rather lengthy exchanges of messages and thus are inefficient and even impractical for use in a system in which many modifications to files are anticipated. US200211434 shows a peer-to-peer storage system which describes a storage coordinator that centrally manages distributed storage resources. The difference here is the requirement of a storage broker, making this not fully distributed.

The present invention also differs in that it has no central resources for any part of the system, and we also encrypt data for security, in addition to the self healing aspect of our system, which is again distributed.

U.S. Pat. No. 7,010,532 discloses improved access to information stored on a storage device. A plurality of first nodes and a second node are coupled to one another over a communications pathway, the second node being coupled to the storage device for determining meta data including block address maps to file data in the storage device.

JP2003273860 discloses a method of enhancing the security level during access of an encrypted document including encrypted content. A document access key for decrypting an encrypted content within an encrypted document is stored in a management device, and a user device wishing to access the encrypted document transmits its user ID and a document identification key for the encrypted document, which are encrypted by a private key, together with a public key to the management device to request transmission of the document access key. This differs from this invention in that this invention never transmits the user id or login on the network at all. Also it does not require management devices of any form.

JP2002185444 discloses improved security in networks and certainty for satisfying processing requests. In the case of user registration, a print server forms a secret key and a public key, and delivers the public key to a user terminal, which forms a user ID, a secret key and a public key, encrypts the user ID and the public key by using the public key, and delivers them to the print server. This is not linked at all to this invention and is a system for a PKI infrastructure for certificate access to network nodes.

The private and public keys of users are used in U.S. Pat. No. 6,925,182, and are encrypted with a symmetric algorithm by using individual user identifying keys and are stored on a network server, making it a different proposition from a distributed network.

US2005091234 describes a data chunking system which divides data into predominantly fixed-sized chunks such that duplicate data may be identified. This is associated with storing and transmitting data for a distributed network. US2006206547 discloses a centralised storage system, whilst US2005004947 discloses a new PC based file system. US2005256881 discloses data storage in a place defined by a path algorithm. This is a server based duplicate removal and does not necessarily encrypt data, unlike the present invention which does both and requires no servers.

Common email communication of sensitive information is in plain text and is subject to being read by unauthorized code on the sender's system, during transit, and by unauthorized code on the receiver's system. Where a high degree of confidentiality is required, a combination of hardware and software secures data. A high degree of security for a computer or several computers connected to the Internet or a LAN is disclosed in US2002099666. A hardware system is used which consists of a processor module, a redundant non-volatile memory system, such as dual disk drives, and multiple communications interfaces. This type of security system must be unlocked by a pass phrase to access data, and all data is transparently encrypted, stored, archived and available for encrypted backup. A system for maintaining secure communications, file transfer and document signing with PKI, and a system for intrusion monitoring and system integrity checks are provided, logged and selectively alarmed in a tamper-proof, time-certain manner.

WO2005093582 discloses a method of encryption where data is secured in the receiving node via a private tag for anonymous network browsing. However, numerous other encryption methods are also available, such as (i) implementation of the Reed Solomon algorithm (WO02052787), which ensures data is coded in parabolic fashion for self-repairing and storage, (ii) storage involving incremental backup (WO02052787), (iii) use of steganography (US2006177094), (iv) use of cipher keys (CN1620005), encryption for non-text (US2006107048), and US2005108240 discloses user keys and randomly generated leaf node keys. The present invention uses none of these methods of encryption and in particular ensures all chunks are unique and do not point to another for security (an issue with Reed Solomon and N+K implementations of parabolic coding).

WO2005060152 discloses a digital watermark representing a one-way hash, embedded in a signature document, which is used for electronic signing. Mostly, encrypted document signing is associated with legal documents, e.g. on-line notary etc., e.g. US2006161781, signature verification (U.S. Pat. No. 6,381,344). WO0182036 discloses a system and method for signing, storing, and authenticating electronic documents using public key cryptography. The system comprises a document service computer cluster connected to user computers, document owner server computers, and registration computers via a network such as, for example, the internet or the world wide web. WO0013368 discloses that both the data object and the signature data are encrypted. None of these systems are designed for or allow distributed signing networks, unlike the present invention.

U.S. Pat. No. 6,912,660 discloses a method for parallel approval of an electronic document. A document authentication code (DAC 0) is generated, linked to the original document. Subsequent approvals of the document generate a DAC x related to that specific approval. This is not linked to the present invention as it is a document approval system, i.e. one which allows a document to have multiple signatories to authenticate approval; the present invention does not do this at all.

U.S. Pat. No. 6,098,056 discloses a system and method for controlling access rights to and security of digital content in a distributed information system, e.g., the Internet. The network includes at least one server coupled to a storage device for storing the limited access digital content encrypted using a randomly-generated key, known as a Document Encryption Key (DEK). The DEK is further encrypted with the server's public key, using a public/private key pair algorithm, and placed in a digital container stored in a storage device, forming part of the meta-information which is in the container. The client's workstation is coupled to the server (one of the many differences from the present invention) for acquiring the limited access digital content under the authorized condition. A Trusted Information Handler (TN) is validated by the server after the handler provides a data signature and type of signing algorithm to transaction data descriptive of the purchase agreement between the client and the owner. After the handler has authenticated, the server decrypts the encrypted DEK with its private key and re-encrypts the DEK with the handler's public key, ensuring that only the information handler can process the information. The encrypted DEK is further encrypted with the client's public key, personalizing the digital content to the client. The client's program decrypts the DEK with his private key and passes it along with the encrypted content to the handler, which decrypts the DEK with his private key and proceeds to decrypt the content for displaying to the client.

U.S. Pat. No. 5,436,972 discloses a method for preventing inadvertent betrayal by a trustee of escrowed digital secrets. After unique identification data describing a user has been entered into a computer system, the user is asked to select a password to protect the system. U.S. Pat. No. 5,557,518 discloses a system to open electronic commerce using trusted agents. U.S. Pat. No. 5,557,765 discloses a system and method for data recovery. An encrypting user encrypts a message using a secret storage key (KS) and attaches a Data Recovery Field (DRF), including an Access Rule Index (ARI) and the KS, to the encrypted message.

U.S. Pat. No. 5,590,199, discloses a system for authenticating andauthorizing a user to access services on a heterogeneous computernetwork. The system includes at least one workstation and oneauthorization server connected to each other through a network.

US2006123227 and WO0221409 effort measuring techniques to validatesignatures without the requirement for a central body or centralmessaging entity. This is an interesting new concept but not used in thecurrent invention.

Attempts at moving towards attaining some limited aspects of self-encryption are demonstrated by:

(a) US2003053053625 discloses limitation of asymmetrical and symmetrical encryption algorithms, and particularly not requiring generation of a key stream from symmetric keys, nor requiring any time synchronizing, with minimal computational complexity and capable of operating at high speed. A serial data stream to be securely transmitted is first demultiplexed into a plurality N of encryptor input data streams. The input data slices are created which have a cascade of stages, including mapping and delay functions, to generate output slices. These are transmitted through a transmission channel. The decryptor applies the inverse steps of the cascade of stages, equalizing delay function and mapping, to generate output data slices. The output data streams are multiplexed. The encryptor and decryptor require no synchronizing or timing and operate in simple stream fashion. N:N mapping does not require expensive arithmetic and is implemented in table lookup. This provides robust security and efficiency. A significant difference between this approach and prior cipher methods is that the session key is used to derive processing parameters (tables and delays) of the encryptor and decryptor in advance of data transmission, instead of being used to generate a key stream at real-time rates. An algorithm for generating parameters from a session key is disclosed. This is a data communications network and not related to the current invention.

(b) US2002184485 addresses secure communication by encryption of a message (SSDO, self signing document objects), such that only a known recipient in possession of a secret key can read the message, and verification of the message, such that the text and origin of the message can be verified. Both capabilities are built into a message that can be transmitted over the internet and decrypted or verified by a computer implementing a document representation language that supports dynamic content, e.g. any standard web browser, such that elaborate procedures to ensure transmitting and receiving computers have the same software are no longer necessary. An encrypted message, or one encoded for verification, can carry within itself all information needed to specify the algorithm needed for decryption.

US2004117303 discloses an anonymous payment system and is designed to enable users of the Internet and other networks to exchange cash for electronic currency that may be used to conduct commercial transactions world-wide through public networks. US2005289086 discloses anonymity for web registration which allows a payment system. US2002073318 describes the use of servers where the system is effort based trust on a combination of anonymous keys to transact and a public key to buy non anonymous credits. Each of these is a centrally controlled system and does not provide a mechanism to transfer credits or cash to anonymous accounts. Many of these actually require user registration on a web site.

US2003163413 discloses a method of conducting anonymous transactions over the Internet to protect consumers from identity fraud. The process involves the formation of a Secure Anonymous Transaction Engine to enable any consumer operating over an open network, such as the Internet, to browse, collect information, research, shop, and purchase anonymously. The Secure Anonymous Transaction Engine components provide a highly secure connection between the consumer and the provider of goods or services over the Internet by emulating an in store anonymous cash transaction although conducted over the Internet. This again is server based and requires user registration.

With regard to cash transfers, a truly anonymous purchase is one in which the purchaser and seller are unknown to each other, the purchase process is not witnessed by any other person, and the exchange medium is cash. Such transactions are not the norm. Even cash transactions in a place of business are typically witnessed by salespersons and other customers or bystanders, if not recorded on videotape as a routine security measure. On the other hand, common transaction media such as payment by personal check or credit card represent a clear loss of anonymity, since the purchaser's identity as well as other personal information is attached to the transaction (e.g., driver's license number, address, telephone number, and any information attached to the name, credit card, or driver's license number). Thus, although a cash transaction is not a truly anonymous purchase, it provides a considerably higher degree of purchase anonymity than a transaction involving a personal check or credit card, and affords perhaps the highest degree of purchase anonymity achievable at present. The use of cash, however, has limitations, especially in the context of electronic commerce.

WO0203293 discloses methods, systems, and devices for performing transactions via a communications network such as the Internet while preserving the anonymity of at least one of the parties. A transaction device is linked to an anonymous account to allow a party to preserve an equivalent level of anonymity as the use of cash when making a transaction at a traditional brick-and-mortar business as well as in the virtual world of electronic commerce. As such, the transaction device may be considered equivalent to a flexible and versatile cash wallet. In this way, it combines the desirable features of cash (anonymity, security, and acceptance) and of electronic commerce (speed, ease, and convenience). This, like the next invention, requires a hardware based device, unlike the present invention.

EP0924667 is based on a distributed payment system for cash-free payment with purse chip cards using the Net. The system consists of a client system which is, for example, installed at the customer site and a server system which is, for example, installed at the dealer.

U.S. Pat. No. 6,299,062 discloses an electronic cash system for performing an electronic transaction using electronic cash, comprising at least one user apparatus each capable of using the electronic cash, and an authentication centre apparatus for receiving user identity information and a corresponding public key along with a certificate issue request from one of the user apparatuses and for issuing a certificate for the user apparatus's public key after confirming the identity of the corresponding user. This again requires hardware and user registration to the system.

US2004172539 discloses a method for generating an electronic receipt in a communication system providing a public key infrastructure, comprising the steps of receiving by a second party a request message from a first party, the request message comprising a transaction request and a first public key based on a secret owned by the first party, and wherein the secret is associated with at least the secret of a further public key of the first party (server based).

WO0219075 discloses a publicly-accessible, independent, and secure host internet site that provides a downloadable agent program to any anonymous client PC, with the agent program generating within the client PC a registration checksum based upon the document to be registered.

US2003159032 discloses automatically generating unique, one-way compact and mnemonic voter credentials that support privacy and security services. It discloses any voting system, voting organization, or voting game wherein participants need to be anonymous and/or must exchange secrets and/or make collective decisions. US2002077887 (requires registration and initial knowledge of the person who receives the ballot, and requires a server) discloses an architecture that enables anonymous electronic voting over the Internet using public key technologies. Using a separate public key/private key pair, the voting mediator validates the voting ballot request. (Hardware device) DE10325491 discloses that the voting method has an electronic ballot box for collecting encoded electronic voting slips and an electronic box for collecting the decoded voting slips. The voter fills out his voting slip at a computer and authenticates his vote with an anonymous signature setting unit.

US2004024635 (hardware based, requiring servers) discloses a distributed network voting system; a server for processing votes cast over a distributed computing network. The server includes memory storage, data identifying an interested party and a processor in communication with the memory. The processor operates to present an issue to a user of a client computer, receive a vote on the issue from the user, and transmit data relating to the vote to the interested party based upon the data identifying the interested party stored in the memory. The processor further operates to generate a vote status cookie when the user submits the vote, transmit the vote status cookie to the client for storage, and transmit data to the user that prompts the user to provide authentication data relating to the user; it then receives the authentication data relating to the user and authenticates the user based on that authentication data.

WO03098172 discloses a modular monitoring and protection system with distributed voting logic.

US2006112243 discloses a hard disk mapping where the data is copied locally and then the machine decides it can use either copy and whether or not to update the other one. EP1049291 discloses remote device monitoring using pre-calculated maps of equipment locations. These are hardware based data mapping systems and not related. As above, prior art highlights the separate existence of elements such as storage, security, repairing, encryption, authentication, anonymity, voting and mapping etc. for data transaction and storage via the internet. There is some limited linkage between a few of the individual elements but none are inter-linked to provide a comprehensive solution for secure data storage and transmittance via internet utilisation. The inventions below list solutions to address the vacuum and provide an inexpensive solution for secure internet data storage and transmittance with other added benefits.

SUMMARY OF THE INVENTION

The main embodiments of this invention are as follows:

A system of sharing access to private files which has the functional elements of:

1. Perpetual Data

2. Self encryption

3. Data Maps

4. Anonymous Authentication

5. Shared access to Private files

6. ms Messenger

7. Cyber Cash

8. Worldwide Voting System

with the additionally linked functional elements of:

1. Peer Ranking

2. Self Healing

3. Security Availability

4. Storage and Retrieval

5. Duplicate Removal

6. Storing Files

7. Chunking

8. Encryption/Decryption

9. Identify Chunks

10. Revision Control

11. Identify Data with Very Small File

12. Logon

13. Provide Key Pairs

14. Validation

15. Create Map of Maps

16. Share Map

17. Provide Public ID

18. Encrypted Communications

19. Document Signing

20. Contract Conversations

21. Counterfeit Protection

22. Allow Selling of Machine Resources

23. Interface with Non-Anonymous Systems

24. Anonymous Transactions

25. Anonymity

26. Proven Individual

27. Validation of Vote Being Used

28. Distributed Controlled Voting

A distributed network system and product which provides:

a. secure communications

b. store data & share resources

c. anonymous backing and restoring data

d. share private files & secure data without using server

e. anonymous authentication of users

f. approve transaction based on digital currency

g. CPU sharing via anonymous voting system

A method allowing users to securely store data and share resources across a distributed network by utilising anonymously shared computer resources.

A method to allow secure communications between users by utilizing public IDs linked to anonymous IDs to authenticate users as well as allowing contract signed conversations.

A method to allow sharing and allocation of resources globally by utilising effort based testing and anonymously authenticated users in a global distributed network.

A method specifically to backup and restore data anonymously in a distributed network with guarantees on integrity and recovery times.

A method to share private and secured data without the use of file servers or any controlling body or centralised resource.

A method to approve the exchange of resources and other transactions based on a digital currency which utilises links with non anonymous payment systems.

A method to allow data to be described, decoded and identified using very small data map files.

A method to allow anonymous authentication of users on a network.

A method of the above to allow sharing of CPU power globally and to contribute to systems based on users' input from a worldwide secure and anonymous voting system.

A method where a person's computer operating system and related computer program may be held on a removable disk (such as a USB stick, optionally with biometric recognition to evade key loggers) and used to boot any compatible computer with a known virus/trojan horse free system to access their data remotely and securely without worrying about the integrity of the host machine they are using.

At least one computer program comprising instructions for causing at least one computer to perform the method, system and product according to any of the above. That at least one computer program of the above embodied on a recording medium or read-only memory, store.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

Embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings in which:

FIG. 1a is a system diagram according to the invention;

FIG. 1b is a diagram of perpetual data elements of the system of FIG. 1a;

FIG. 1c is a diagram of self encryption elements of the system of FIG. 1a;

FIG. 1d is a diagram of data map elements of the system of FIG. 1a;

FIG. 1e is a diagram of anonymous authentication elements of the system of FIG. 1a;

FIG. 1f is a diagram of shared access elements of the system of FIG. 1a;

FIG. 1g is a diagram of messenger elements of the system of FIG. 1a;

FIG. 1h is a diagram of cyber cash elements of the system of FIG. 1a;

FIG. 1i is a diagram of voting system elements of the system of FIG. 1a;

FIG. 2 is a flow chart of the self authentication process for the system of FIG. 1a;

FIG. 3 is a diagram of peer to peer interaction for the system of FIG. 1a;

FIG. 4 is a flow chart of the authentication process for the system of FIG. 1a;

FIG. 5 is a flow chart of the data assurance event for the system of FIG. 1a;

FIG. 6 is a flow chart of the chunking event for the system of FIG. 1a;

FIG. 7 is an example of chunking performed by the system of FIG. 1a;

FIG. 8 is a flow chart of the self healing event for the system of FIG. 1a;

FIG. 9 is a flow chart of the peer ranking event for the system of FIG. 1a;

FIG. 10 is a flow chart of the duplicate removal event for the system of FIG. 1a;

FIG. 11 is a flow chart for storing perpetual data performed by the system of FIG. 1a;

FIG. 12 is a diagram of a chunk checking process performed by the system of FIG. 1a;

FIG. 13 is a flow chart of the storage of additional chunks for the system of FIG. 1a;

FIG. 14 is a flow chart of the self healing process for the system of FIG. 1a;

FIG. 15 is a flow chart of saving data for the system of FIG. 1a;

FIG. 16 is a flow chart of deleting data for the system of FIG. 1a;

FIG. 17 is a flow chart of a self encryption process of the system of FIG. 1a;

FIG. 18 is a flow chart of a shared access process of the system of FIG. 1a;

FIG. 19 is a flow chart of a messenger application for the system of FIG. 1a; and

FIG. 20 is a flow chart of a voting application for the system of FIG. 1a.

DETAILED DESCRIPTION

References to IDs Used in Descriptions of the System's Functionality

MID—this is the base ID and is mainly used to store and forget files. Each of these operations will require a signed request. Restoring may simply require a request with an ID attached.

PMID—This is the proxy MID which is used to manage the receiving of instructions to the node from any network node, such as get/put/forget etc. This is a key pair which is stored on the node; if stolen, the key pair can be regenerated, simply disabling the thief's stolen PMID, although there is not much that can be done with a PMID key pair.

CID—Chunk Identifier, this is simply the chunkid.KID message on the net.

TMID—This is today's ID, a one time ID as opposed to a one time password. This is to further disguise users and also ensure that their MID stays as secret as possible.

MPID—The maidsafe.net public ID. This is the ID to which users attach their own name and actual data if required. This is the ID for messenger, sharing, non anonymous voting and any other method that requires we know the user.

MAID—this is basically the hash of the actual public key of the MID. This ID is used to identify the user actions such as put/forget/get on the maidsafe.net network. This allows a distributed PKI infrastructure to exist and be automatically checked.

KID—Kademlia ID. This can be randomly generated or derived from known and preferably anonymous information such as an anonymous public key hash, as with the MAID. In this case we use Kademlia as the example overlay network, although this can be almost any network environment at all.

MSID—maidsafe.net Share ID, an ID and key pair specifically created for each share to allow users to interact with shares using a unique key not related to their MID, which should always be anonymous and separate.

Anonymous authentication relates to system authentication and, in particular, authentication of users for accessing resources stored on a distributed or peer-to-peer file system. Its aim is to preserve the anonymity of the users and to provide secure and private storage of data and shared resources for users on a distributed system. It is a method of authenticating access to a distributed system comprising the steps of:

- Receiving a user identifier;
- Retrieving an encrypted validation record identified by the user identifier;
- Decrypting the encrypted validation record so as to provide decrypted information; and
- Authenticating access to data in the distributed system using the decrypted information.

Receiving, retrieving and authenticating may be performed on a node in the distributed system, preferably separate from a node performing the step of decrypting. The method further comprises the step of generating the user identifier using a hash. Therefore, the user identifier may be considered unique (and altered if a collision occurs) and suitable for identifying unique validation records. The step of authenticating access may preferably further comprise the step of digitally signing the user identifier. This provides authentication that can be validated against trusted authorities. The method further comprises the step of using the signed user identifier as a session passport to authenticate a plurality of accesses to the distributed system. This allows persistence of the authentication for an extended session.

The step of decrypting preferably comprises decrypting an address in the distributed system of a first chunk of data, and the step of authenticating access further comprises the step of determining the existence of the first chunk at the address, or providing the location and names of specific data elements in the network in the form of a data map as previously described. This efficiently combines the tasks of authentication and starting to retrieve the data from the system. The method preferably further comprises the step of using the content of the first chunk to obtain further chunks from the distributed system. Additionally, the decrypted data from the additional chunks may contain a key pair allowing the user at that stage to sign a packet sent to the network to validate them, or they may preferably self sign their own ID.

Therefore, there is no need to have a potentially vulnerable record of the file structure persisting in one place on the distributed system, as the user's node constructs its database of file locations after logging onto the system.

There is provided a distributed system comprising:

- a storage module adapted to store an encrypted validation record;
- a client node comprising a decryption module adapted to decrypt an encrypted validation record so as to provide decrypted information; and
- a verifying node comprising:
  - a receiving module adapted to receive a user identifier;
  - a retrieving module adapted to retrieve from the storage module an encrypted validation record identified by the user identifier;
  - a transmitting module adapted to transmit the encrypted validation record to the client node; and
  - an authentication module adapted to authenticate access to data in the distributed file system using the decrypted information from the client node.

The client node is further adapted to generate the user identifier using a hash. The authentication module is further adapted to authenticate access by digitally signing the user identifier. The signed user identifier is used as a session passport to authenticate a plurality of accesses by the client node to the distributed system. The decryption module is further adapted to decrypt an address in the distributed system of a first chunk of data from the validation record, and the authentication module is further adapted to authenticate access by determining the existence of the first chunk at the address. The client node is further adapted to use the content of the first chunk to obtain further authentication chunks from the distributed system.

There is provided at least one computer program comprising program instructions for causing at least one computer to perform. One computer program is embodied on a recording medium or read-only memory, stored in at least one computer memory, or carried on an electrical carrier signal.

Additionally there is a check on the system to ensure the user is logging into a valid node (software package). This will preferably include the ability of the system to check the validity of the running maidsafe.net software by running content hashing or, preferably, certificate checking of the node and also of the code itself.

Linked Elements for maidsafe.net (FIG. 1)

The maidsafe.net product invention consists of 8 individual inventions, which collectively have 28 inter-linked functional elements. These are:

The individual inventions are:

PT1—Perpetual Data

PT2—Self encryption

PT3—Data Maps

PT4—Anonymous Authentication

PT5—Shared access to Private files

PT6—ms Messenger

PT7—Cyber Cash

PT8—Worldwide Voting System

The inter-linked functional elements are:

P1—Peer Ranking

P2—Self Healing

P3—Security Availability

P4—Storage and Retrieval

P5—Duplicate Removal

P6—Storing Files

P7—Chunking

P8—Encryption/Decryption

P9—Identify Chunks

P10—Revision Control

P11—Identify Data with Very Small File

P12—Logon

P13—Provide Key Pairs

P14—Validation

P15—Create Map of Maps

P16—Share Map

P17—Provide Public ID

P18—Encrypted Communications

P19—Document Signing

P20—Contract Conversations

P21—Counterfeit Prevention

P22—Allow Selling of Machine Resources

P23—Interface with Non-Anonymous Systems

P24—Anonymous Transactions

P25—Anonymity

P26—Proven Individual

P27—Validation of Vote Being Used

P28—Distributed Controlled Voting

(Description of FIG. 1 Here ****)

Self Authentication Detail (FIG. 2)

1. A computer program consisting of a user interface and a chunk server (a system to process anonymous chunks of data) should be running; if not, they are started when the user selects an icon or other means of starting the program.

2. A user will input some data known to them, such as a user ID (random ID) and PIN number in this case. These pieces of information may be concatenated together and hashed to create a unique identifier (which may be confirmed via a search). In this case this is called the MID (maidsafe.net ID).

3. A TMID (Today's MID) is retrieved from the network; the TMID is calculated as follows:

The TMID is a single use or single day ID that is constantly changed. This allows maidsafe.net to calculate the hash based on the user ID, PIN and another known variable which is calculable. For this variable we use a day variable for now, and this is the number of days since epoch (Jan. 1, 1970). This allows for a new ID daily, which assists in maintaining the anonymity of the user. This TMID will create a temporary key pair to sign the database chunks and accept a challenge response from the holder of these db chunks. After retrieval and generation of a new key pair the db is put again in new locations, rendering everything that was contained in the TMID chunk useless. The TMID CANNOT be signed by anyone (therefore hackers can't BAN an unsigned user from retrieving this in a DOS attack); it is a special chunk where the data hash does NOT match the name of the chunk (as the name is a random number calculated by hashing other information, i.e. it is a hash of the TMID as described below).

- Take dave as user ID and 1267 as PIN.
- dave + (PIN) 1267 = dave1267; the hash of this becomes the MID.
- Day variable (say today is 13416 days since epoch) = 13416.
- So take the PIN and, for example, add the day number in where the PIN states, i.e.
- 613dav41e1267
- (the 6 at the beginning comes from going around the PIN again)
- This is done by taking the 1st PIN digit, 1, so put the first day value at position 1;
- then the next PIN digit, 2, so day value 2 at position 2;
- then the next PIN digit, 6, so day value 3 at position 6;
- then the next PIN digit, 7, so day value 4 at position 7;
- then the next PIN digit is 1 (again), so day value 5 at position 1.
- So the TMID is the hash of 613dav41e1267 and the MID is simply a hash of dave1267. (This is an example algorithm and many more can be used to enforce further security.)
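The MID and TMID derivation just listed, as an added Go example; this is not code from the page or from maidsafe.net. It assumes SHA-1 as the 160-bit SHA the description names later, reads the insertion rule off the worked example (each digit of the day value is inserted into the growing string at the 1-based position given by the next PIN digit, cycling round the PIN), and treats the two cases the page does not cover, a PIN digit of 0 and a position past the end of the string, as position 1 and append respectively; both of those are my assumptions.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strconv"
	"time"
)

// midHex is the base MID of the worked example: hash(userID + PIN).
// SHA-1 is assumed as the 160-bit hash; the page names "SHA" but not a variant.
func midHex(userID, pin string) string {
	h := sha1.Sum([]byte(userID + pin))
	return hex.EncodeToString(h[:])
}

// daysSinceEpoch is the day variable: whole days since Jan. 1, 1970 (UTC).
func daysSinceEpoch(now time.Time) int {
	return int(now.UTC().Unix() / 86400)
}

// interleaveDay builds the TMID pre-image as the worked example does: each
// digit of the day value is inserted, in order, into the growing string at the
// 1-based position named by the next PIN digit, cycling round the PIN.
// For "dave", "1267" and day 13416 this yields "613dav41e1267".
func interleaveDay(userID, pin string, day int) string {
	s := []byte(userID + pin)
	for i, d := range []byte(strconv.Itoa(day)) {
		pos := int(pin[i%len(pin)] - '0') // 1-based insertion position
		if pos < 1 {
			pos = 1 // PIN digit 0 is not covered by the page: assumed to mean position 1
		}
		if pos > len(s)+1 {
			pos = len(s) + 1 // past the end is not covered either: assumed to append
		}
		tail := append([]byte{d}, s[pos-1:]...) // fresh slice, so the next append cannot clobber it
		s = append(s[:pos-1], tail...)
	}
	return string(s)
}

// tmidHex is today's ID: the hash of the interleaved string. Only hashes are
// ever published, so a TMID chunk name reveals neither the MID nor its pre-image.
func tmidHex(userID, pin string, day int) string {
	h := sha1.Sum([]byte(interleaveDay(userID, pin, day)))
	return hex.EncodeToString(h[:])
}

func main() {
	day := 13416 // the page's example day value; use daysSinceEpoch(time.Now()) for a live run
	fmt.Println("MID       =", midHex("dave", "1267"))
	fmt.Println("pre-image =", interleaveDay("dave", "1267", day))
	fmt.Println("TMID      =", tmidHex("dave", "1267", day))
}
```

Running it prints the pre-image 613dav41e1267 from the list above and the two digests. The point the list makes is visible in the code: the MID never leaves the client, the TMID differs every day because the day value does, and the TMID chunk name is a hash of data that is not the chunk's content, so the name-equals-content-hash rule used for ordinary chunks does not apply to it.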

4. From the TMID chunk the map of the user's database (or list of file maps) is identified. The database is recovered from the net, which includes the data maps for the user and any keys, passwords etc. The database chunks are stored in another location immediately and the old chunks forgotten. This can be done now as the MID key pair is also in the database and can now be used to manipulate the user's data.

5. The maidsafe.net application can now authenticate itself as acting for this MID and put, get or forget data chunks belonging to the user.

6. The watcher process and chunk server always have access to the PMID key pair as they are stored on the machine itself, so they can start and receive and authenticate anonymous put/get/forget commands.

7. A DHT ID is required for a node in a DHT network. This may be randomly generated or in fact we can use the hash of the PMID public key to identify the node.

8. When the user has successfully logged in he can check that his authentication validation records exist on the network. These may be as follows:

MAID (maidsafe.net anonymous ID)

1. This is a data element stored on the net and preferably named with the hash of the MID public key.

2. It contains the MID public key + any PMID public keys associated with this user.

3. This is digitally signed with the MID private key to prevent forgery.

4. This mechanism allows validation of MID signatures by allowing any user access to this data element and checking the signature of it against any challenge response from any node purporting to be this MID (as only the MID owner has the private key that signs this MID). A crook could not create the private key to match the public key to digitally sign, so forgery is made impossible given today's computer resources.

5. This mechanism also allows a user to add or remove PMIDs (or chunk servers acting on their behalf like a proxy) at will and replace PMIDs at any time in case of the PMID machine becoming compromised. Therefore this can be seen as the PMID authentication element.

PMID (Proxy MID)

1. This is a data element stored on the network and preferably named with the hash of the PMID public key.

2. It contains the PMID public key and the MID ID (i.e. the hash of the MID public key) and is signed by the MID private key (authenticated).

3. This allows a machine to act as a repository for anonymous chunks and supply resources to the net for a MID.

4. When answering challenge responses, any other machine will confirm the PMID by seeking and checking the MAID for the PMID and making sure the PMID is mentioned in the MAID; otherwise the PMID is considered rogue.

5. The key pair is stored on the machine itself and may be encoded or encrypted against a password that has to be entered upon start-up (optionally), in the case of a proxy provider who wishes to further enhance PMID security.

6. The design allows for recovery from attack and theft of the PMID key pair, as the MAID data element can simply remove the PMID ID from the MAID, rendering it unauthenticated.
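The MAID and PMID data elements, the challenge-response check in item 4 and the revocation in item 6, as an added Go example; this is not the page's or maidsafe.net's own code. It assumes Ed25519 for the MID and PMID key pairs and SHA-1 for naming elements (the page fixes neither), models the network as an in-memory map from element name to MAID, and models a challenge as a random nonce that the PMID must sign. The rogue and revocation cases are constructed to show what the check rejects.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"encoding/hex"
	"errors"
	"fmt"
)

// nameOf names a data element by the hash of a public key, as the MAID and PMID
// elements are. Ed25519 keys are fixed 32-byte values, so the signed concatenations are unambiguous.
func nameOf(pub ed25519.PublicKey) string {
	h := sha1.Sum(pub)
	return hex.EncodeToString(h[:])
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return pub, priv
}

// maidRecord: MID public key plus the PMID public keys acting for it, signed with the MID private key.
type maidRecord struct {
	MIDPub   ed25519.PublicKey
	PMIDPubs []ed25519.PublicKey
	Sig      []byte
}

func (r *maidRecord) payload() []byte {
	b := append([]byte{}, r.MIDPub...)
	for _, p := range r.PMIDPubs { b = append(b, p...) }
	return b
}

func signMAID(midPriv ed25519.PrivateKey, pmids ...ed25519.PublicKey) *maidRecord {
	r := &maidRecord{MIDPub: midPriv.Public().(ed25519.PublicKey), PMIDPubs: pmids}
	r.Sig = ed25519.Sign(midPriv, r.payload())
	return r
}

// pmidRecord: the PMID public key and the MID ID it serves, signed by the MID.
type pmidRecord struct {
	PMIDPub ed25519.PublicKey
	MIDName string
	Sig     []byte
}

func (r *pmidRecord) payload() []byte { return append(append([]byte{}, r.PMIDPub...), r.MIDName...) }

func signPMID(midPriv ed25519.PrivateKey, pmidPub ed25519.PublicKey) *pmidRecord {
	r := &pmidRecord{PMIDPub: pmidPub, MIDName: nameOf(midPriv.Public().(ed25519.PublicKey))}
	r.Sig = ed25519.Sign(midPriv, r.payload())
	return r
}

// verifyChallenge is what any other machine does when a PMID answers a challenge:
// fetch the MAID for the claimed MID, check it is named by and signed with its own key,
// check the PMID record's MID signature, confirm the PMID is listed in the MAID, and
// only then verify the PMID's signature over the nonce. Anything else is rogue.
func verifyChallenge(network map[string]*maidRecord, rec *pmidRecord, nonce, resp []byte) error {
	maid, ok := network[rec.MIDName]
	if !ok { return errors.New("no MAID element for the claimed MID") }
	if nameOf(maid.MIDPub) != rec.MIDName || !ed25519.Verify(maid.MIDPub, maid.payload(), maid.Sig) {
		return errors.New("MAID element is not a valid record signed by its MID")
	}
	if !ed25519.Verify(maid.MIDPub, rec.payload(), rec.Sig) { return errors.New("PMID record not signed by the MID") }
	listed := false
	for _, p := range maid.PMIDPubs { listed = listed || bytes.Equal(p, rec.PMIDPub) }
	if !listed { return errors.New("PMID not listed in the MAID: rogue") }
	if !ed25519.Verify(rec.PMIDPub, nonce, resp) { return errors.New("challenge response not signed by the PMID key") }
	return nil
}

// demo exercises an authorised PMID, a rogue PMID (never listed, and unable to
// obtain the MID's signature) and a PMID revoked by re-publishing the MAID.
func demo() (authorised, rogue, revoked error) {
	midPub, midPriv := mustKey()
	pmidPub, pmidPriv := mustKey()
	roguePub, roguePriv := mustKey()
	nonce := make([]byte, 32) // constructed challenge from the verifying machine
	if _, err := rand.Read(nonce); err != nil { panic(err) }
	network := map[string]*maidRecord{nameOf(midPub): signMAID(midPriv, pmidPub)}
	rec := signPMID(midPriv, pmidPub)
	authorised = verifyChallenge(network, rec, nonce, ed25519.Sign(pmidPriv, nonce))
	rogueRec := &pmidRecord{PMIDPub: roguePub, MIDName: nameOf(midPub)}
	rogueRec.Sig = ed25519.Sign(roguePriv, rogueRec.payload()) // the crook has only its own key
	rogue = verifyChallenge(network, rogueRec, nonce, ed25519.Sign(roguePriv, nonce))
	network[nameOf(midPub)] = signMAID(midPriv) // revocation: MAID republished without the PMID
	revoked = verifyChallenge(network, rec, nonce, ed25519.Sign(pmidPriv, nonce))
	return
}

func main() {
	a, r, v := demo()
	fmt.Println("authorised:", a, "| rogue:", r, "| revoked:", v)
}
```

The order of checks matters: the MAID's own signature and name are verified before its PMID list is trusted, so a forged MAID stored under the right name is rejected, and a PMID is accepted only while the current MAID lists it. The revoked case shows item 6 in practice: the MID owner publishes a new MAID without the stolen PMID key and every later challenge from that key fails, without the MID key pair itself changing.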

FIG. 3 illustrates, in schematic form, a peer-to-peer network inaccordance with an embodiment of the invention; and

FIG. 4 illustrates a flow chart of the authentication, in accordancewith a preferred embodiment of the present invention.

With reference to FIG. 3, a peer-to-peer network 2 is shown with nodes 4to 12 connected by a communication network 14. The nodes may be PersonalComputers (PCs) or any other device that can perform the processing,communication and/or storage operations required to operate theinvention. The file system will typically have many more nodes of alltypes than shown in FIG. 3 and a PC may act as one or many types of nodedescribed herein. Data nodes 4 and 6 store chunks 16 of files in thedistributed system. The validation record node 8 has a storage module 18for storing encrypted validation records identified by a useridentifier.

The client node 10 has a module 20 for input and generation of useridentifiers. It also has a decryption module 22 for decrypting anencrypted validation record so as to provide decrypted information, adatabase or data map of chunk locations 24 and storage 26 for retrievedchunks and files assembled from the retrieved chunks.

The verifying node 12 has a receiving module 28 for receiving a useridentifier from the client node. The retrieving module 30 is configuredto retrieve from the data node an encrypted validation record identifiedby the user identifier. Alternatively, in the preferred embodiment, thevalidation record node 8 is the same node as the verifying node 12, i.e.the storage module 18 is part of the verifying node 12 (not as shown inFIG. 3). The transmitting module 32 sends the encrypted validationrecord to the client node. The authentication module 34 authenticatesaccess to chunks of data distributed across the data nodes using thedecrypted information.

With reference to FIG. 4, a more detailed flow of the operation of thepresent invention is shown laid out on the diagram with the steps beingperformed at the User's PC (client node) on the left 40, those of theverifying PC (node) in the centre 42 and those of the data PC (node) onthe right 44.

A login box is presented 46 that requires the user's name or otherdetail, Preferably email address (the same one used in the client nodesoftware installation and registration process) or simply name (i.e.nickname) and the user's unique number, preferably PIN number. If theuser is a ‘main user’ then some details may already be stored on the PC.If the user is a visitor, then the login box appears.

A content hashed number such as SHA (Secure Hash Algorithm), Preferably160 bits in length, is created 48 from these two items of data. This‘hash’ is now known as the ‘User ID Key’ (MID), which at this point isclassed as ‘unverified’ within the system. This is stored on the networkas the MAID and is simply the hash of the public key containing anunencrypted version of the public key for later validation by any othernode. This obviates the requirement for a validation authority Thesoftware on the user's PC then combines this MID with a standard ‘hello’code element 50, to create 52 a ‘hello.packet’. This hello.packet isthen transmitted with a timed validity on the Internet.

The hello.packet will be picked up by the first node (for this description, now called the ‘verifying node’) that recognises 54 the User ID Key element of the hello.packet as matching a stored, encrypted validation record file 56 that it has in its storage area. A login attempt monitoring system ensures a maximum of three responses. Upon too many attempts, the verifying PC creates a ‘black list’ for transmission to peers. Optionally, an alert is returned to the user if a ‘black list’ entry is found and the user may be asked to proceed or perform a virus check.

The verifying node then returns this encrypted validation record file to the user via the internet. The user's pass phrase 58 is requested by a dialog box 60, which then will allow decryption of this validation record file.

When the validation record file is decrypted 62, the first data chunk details, including a ‘decrypted address’, are extracted 64 and the user PC sends back a request 66 to the verifying node for it to initiate a query for the first ‘file-chunk ID’ at the ‘decrypted address’ that it has extracted from the decrypted validation record file, or preferably the data map of the database chunks to recreate the database and provide access to the key pair associated with this MID.

The verifying node then acts as a ‘relay node’ and initiates a ‘notify only’ query for this ‘file-chunk ID’ at the ‘decrypted address’.

Given that some other node (for this embodiment, called the ‘data node’) has recognised 68 this request and has sent back a valid ‘notification only’ message 70 that a ‘file-chunk ID’ corresponding to the request sent by the verifying node does indeed exist, the verifying node then digitally signs 72 the initial User ID Key, which is then sent back to the user. On reception by the user 74, this verified User ID Key is used as the user's session passport. The user's PC proceeds to construct 76 the database of the file system as backed up by the user onto the network. This database describes the location of all chunks that make up the user's file system. Preferably the ID Key will contain irrefutable evidence such as a public/private key pair to allow signing onto the network as authorised users; preferably this is a case of self signing his or her own ID, in which case the ID Key is decrypted and the user is valid and self validating.

Further details of the embodiment will now be described. A ‘proxy-controlled’ handshake routine is employed through an encrypted point-to-point channel, to ensure only authorised access by the legal owner to the system, then to the user's file storage database, then to the files therein. The handshaking check is initiated from the PC that a user logs on to (the ‘User PC’), by generating the ‘unverified encrypted hash’ known as the ‘User ID Key’, this preferably being created from the user's information, preferably email address and their PIN number. This ‘hash’ is transmitted as a ‘hello.packet’ on the Internet, to be picked up by any system that recognises the User ID as being associated with specific data that it holds. This PC then becomes the ‘verifying PC’ and will initially act as the User PC's ‘gateway’ into the system during the authentication process. The encrypted item of data held by the verifying PC will temporarily be used as a ‘validation record’, it being directly associated with the user's identity and holding the specific address of a number of data chunks belonging to the user and which are located elsewhere in the peer-to-peer distributed file system. This ‘validation record’ is returned to the User PC for decryption, with the expectation that only the legal user can supply the specific information that will allow its accurate decryption. Preferably this data may be a signed response being given back to the validating node, which is possible as the ID chunk when decrypted (preferably symmetrically) contains the user's public and private keys allowing non-refutable signing of data packets.

Preferably after successful decryption of the TMID packet (as described above) the machine will now have access to the data map of the database and public/private key pair allowing unfettered access to the system.
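The FIG. 4 self-authentication flow above, modelled end to end as an added example (not maidsafe.net code): the MID is SHA-1 over email and PIN, the verifying node answers at most three hellos per MID before black-listing, only the pass phrase holder can open the validation record, and the MID is signed only after the data node's notify-only reply. Assumptions: the record is sealed with a constructed PBKDF2/SHAKE-256 keystream plus HMAC tag standing in for the network's symmetric cipher, and the verifying node's signature is an HMAC stand-in.

```python
import hashlib
import hmac
import json
import os

MAX_RESPONSES = 3  # login attempt monitoring: at most three responses per MID


def user_id_key(email: str, pin: str) -> str:
    """Unverified User ID Key (MID): a 160-bit content hash of the two login items."""
    return hashlib.sha1(f"{email.strip().lower()}:{pin}".encode()).hexdigest()


def _derive_key(pass_phrase: str, salt: bytes) -> bytes:
    # Stretch the pass phrase so the record cannot be opened without it.
    return hashlib.pbkdf2_hmac("sha256", pass_phrase.encode(), salt, 100_000, 32)


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Constructed stand-in for the symmetric cipher the network would use.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_validation_record(record: dict, pass_phrase: str) -> bytes:
    """Encrypt the record (data map + key pair) so only the pass phrase holder can open it."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _derive_key(pass_phrase, salt)
    cipher = _xor_stream(key, nonce, json.dumps(record).encode())
    tag = hmac.new(key, nonce + cipher, "sha256").digest()  # detects wrong phrase / tampering
    return salt + nonce + tag + cipher


def open_validation_record(blob: bytes, pass_phrase: str):
    """Decrypted record, or None when the pass phrase is wrong or the blob was altered."""
    salt, nonce, tag, cipher = blob[:16], blob[16:32], blob[32:64], blob[64:]
    key = _derive_key(pass_phrase, salt)
    expected = hmac.new(key, nonce + cipher, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(_xor_stream(key, nonce, cipher))


class DataNode:
    """Holds chunks; answers a 'notify only' query with existence, never with content."""

    def __init__(self, chunk_ids):
        self.chunk_ids = set(chunk_ids)

    def notify_only(self, chunk_id: str) -> bool:
        return chunk_id in self.chunk_ids


class VerifyingNode:
    """Stores encrypted validation records by MID; it never sees the pass phrase."""

    def __init__(self, data_node: DataNode, signing_key: bytes):
        self.data_node, self.signing_key = data_node, signing_key
        self.records, self.attempts, self.black_list = {}, {}, set()

    def store_record(self, mid: str, blob: bytes) -> None:
        self.records[mid] = blob

    def on_hello(self, mid: str):
        """Steps 54/56: return the encrypted record for a recognised MID, at most MAX_RESPONSES times."""
        if mid in self.black_list or mid not in self.records:
            return None
        self.attempts[mid] = self.attempts.get(mid, 0) + 1
        if self.attempts[mid] > MAX_RESPONSES:
            self.black_list.add(mid)  # would be transmitted to peers
            return None
        return self.records[mid]

    def relay_and_sign(self, mid: str, chunk_id: str):
        """Steps 66-72: relay a notify-only query; sign the MID only if the chunk exists."""
        if not self.data_node.notify_only(chunk_id):
            return None
        return hmac.new(self.signing_key, mid.encode(), "sha256").hexdigest()  # signature stand-in


def login(node: VerifyingNode, email: str, pin: str, pass_phrase: str):
    """Client side of FIG. 4: (MID, session passport, data map), or None on any failure."""
    mid = user_id_key(email, pin)
    blob = node.on_hello(mid)
    if blob is None:
        return None
    record = open_validation_record(blob, pass_phrase)
    if record is None:
        return None
    passport = node.relay_and_sign(mid, record["data_map"][0]["chunk_id"])
    if passport is None:
        return None
    return mid, passport, record["data_map"]


def demo() -> dict:
    """Constructed scenario: one registered user, one wrong pass phrase, then too many hellos."""
    data_map = [{"chunk_id": "chunk-0001", "address": "node-alpha"},
                {"chunk_id": "chunk-0002", "address": "node-beta"}]
    record = {"data_map": data_map, "keys": {"public": "PUB-placeholder", "private": "PRIV-placeholder"}}
    node = VerifyingNode(DataNode(["chunk-0001", "chunk-0002"]), signing_key=os.urandom(32))
    mid = user_id_key("alice@example.com", "4321")
    node.store_record(mid, seal_validation_record(record, "correct horse battery"))
    good = login(node, "alice@example.com", "4321", "correct horse battery")   # hello 1
    wrong = login(node, "alice@example.com", "4321", "guess")                  # hello 2
    extra = [node.on_hello(mid) is not None for _ in range(3)]               # hellos 3, 4, 5
    return {"good": good, "wrong": wrong, "extra": extra, "black_listed": mid in node.black_list}
```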

It should be noted that in this embodiment, preferably no communication is carried out via any nodes without an encrypted channel such as TLS (Transport Layer Security) or SSL (Secure Sockets Layer) being set up first. A peer talks to another peer via an encrypted channel and the other peer (proxy) requests the information (e.g. for some space to save information on or for the retrieval of a file). An encrypted link is formed between all peers at each end of communications and also through the proxy during the authentication process. This effectively bans snoopers from detecting who is talking to whom and also what is being sent or retrieved. The initial handshake for self authentication is also over an encrypted link.

Secure connection is provided via certificate passing nodes, in a manner that does not require intervention, with each node being validated by another, where any invalid event or data, for whatever reason (fraud detection, snooping from node or any invalid algorithms that catch the node) will invalidate the chain created by the node. This is all transparent to the user.

Further modifications and improvements may be added without departing from the scope of the invention herein described.

FIG. 5 illustrates a flow chart of a data assurance event sequence in accordance with a first embodiment of this invention.

FIG. 6 illustrates a flow chart of a file chunking event sequence in accordance with a second embodiment of this invention.

FIG. 7 illustrates a schematic diagram of a file chunking example.

FIG. 8 illustrates a flow chart of self healing event sequence

FIG. 9 illustrates a flow chart of peer ranking event sequence

FIG. 10 illustrates a flow chart of duplicate removal event sequence

With reference to FIG. 5, guaranteed accessibility to user data by data assurance is demonstrated by flow chart. The data is copied to at least three disparate locations at step (10). The disparate locations store data with an appendix pointing to the other two locations by step (20) and it is renamed with a hash of its contents. Preferably this action is managed by another node, i.e. a super node acting as an intermediary, by step (30).

Each local copy at the user's PC is checked for validity by integrity test by step (40) and in addition validity checks by integrity test are made that the other 2 copies are also still ok by step (50).

Any single node failure initiates a replacement copy of an equivalent leaf node being made in another disparate location by step (60) and the other remaining copies are updated to reflect the newly added replacement leaf node by step (70).

The steps of storing and retrieving are carried out via other network nodes to mask the initiator (30).

The method further comprises the step of renaming all files with a hash of their contents.

Therefore, each file can be checked for validity or tampering by running a content hashing algorithm such as (for example) MD5 or an SHA variant, the result of this being compared with the name of the file.

With reference to FIG. 6, which provides a methodology to produce manageable sized data elements and to enable a complementary data structure for compression and encryption, the step is file chunking. By the user's pre-selection the nominated data elements (files) are passed to the chunking process. Each data element (file) is split into small chunks by step (80) and the data chunks are encrypted by step (90) to provide security for the data. The data chunks are stored locally at step (100) ready for network transfer of copies. Only the person or the group, to whom the overall data belongs, will know the location of these (100) or the other related but dissimilar chunks of data. All operations are conducted within the user's local system. No data is presented externally.

Each of the above chunks does not contain location information for any other dissimilar chunks. This provides for security of data content, a basis for integrity checking and redundancy.

The method further comprises the step of only allowing the person (or group) to whom the data belongs to have access to it, preferably via a shared encryption technique. This allows persistence of data.

The checking of data or chunks of data between machines is carried out via any presence type protocol such as a distributed hash table network.

On the occasion when all data chunks have been relocated (i.e. the user has not logged on for a while), a redirection record is created and stored in the super node network (a three copy process, similar to data); therefore when a user requests a check, the redirection record is given to the user to update their database.

This efficiently allows data resilience in cases where network churn is a problem as in peer to peer or distributed networks.

With reference to FIG. 7, which illustrates a flow chart example of file chunking. The user's normal file is a 5 Mb document, which is chunked into smaller variable sizes e.g. 135 kb, 512 kb, 768 kb in any order. All chunks may be compressed and encrypted by using a pass phrase. The next step is to individually hash the chunks and give them the hashes as names. Then a database record is made as a file from the names of the hashed chunks brought together, e.g. in an empty version of the original file (C1########,t1,t2,t3:C2########,t1,t2,t3 etc.); this file is then sent to the transmission queue in the storage space allocated to the client application.

With reference to FIG. 8, which provides a self healing event sequence methodology. Self healing is required to guarantee availability of accurate data. As data or chunks become invalid by failing the integrity test by step (110), the location of the failing data chunks is assessed as unreliable and further data from the leaf node at that location is ignored by step (120). A ‘Good Copy’ from the ‘known good’ data chunk is recreated in a new and equivalent leaf node. Data or chunks are recreated in a new and safer location by step (130). The leaf node with failing data chunks is marked as unreliable and the data therein as ‘dirty’ by step (140). Peer leaf nodes become aware of this unreliable leaf node and add its location to a watch list by step (150). All operations are conducted within the user's local system. No data is presented externally.

Therefore, the introduction of viruses, worms etc. will be prevented and faulty machines/equipment identified automatically.

The network will use SSL or TLS type encryption to prevent unauthorized access or snooping.

With reference to FIG. 9, Peer Ranking is required to ensure consistent response and performance for the level of guaranteed interaction recorded for the user. For Peer Ranking each node (leaf node) monitors its own peer node's resources and availability in a scalable manner; each leaf node is constantly monitored.

Each data store (whether a network service, physical drive etc.) is monitored for availability. A qualified availability ranking is appended to the (leaf) storage node address by consensus of a monitoring super node group by step (160). A ranking figure will be appended by step (160) and signed by the supply of a key from the monitoring super node; this would preferably be agreed by more super nodes to establish a consensus for altering the ranking of the node. The new rank will preferably be appended to the node address or by a similar mechanism to allow the node to be managed, preferably in terms of what is stored there and how many copies there have to be of the data for it to be seen as perpetual.

Each piece of data is checked via a content hashing mechanism for data integrity, which is carried out by the storage node itself by step (170) or by its partner nodes via super nodes by step (180) or by the instigating node via super nodes by step (190) by retrieval and running the hashing algorithm against that piece of data. The data checking cycle repeats itself.

As a peer (whether an instigating node or a partner peer (i.e. one that has the same chunk)) checks the data, the super node querying the storage peer will respond with the result of the integrity check and update this status on the storage peer. The instigating node or partner peer will decide to forget this data and will replicate it in a more suitable location. If data fails the integrity check the node itself will be marked as ‘dirty’ by step (200) and ‘dirty’ status appended to the leaf node address to mark it as requiring further checks on the integrity of the data it holds by step (210). Additional checks are carried out on data stored on the leaf node marked as ‘dirty’ by step (220). If a pre-determined percentage of data is found to be ‘dirty’ the node is removed from the network except for message traffic by step (230). A certain percentage of dirty data being established may conclude that this node is compromised or otherwise damaged and the network would be informed of this. At that point the node will be removed from the network except for the purpose of sending it warning messages by step (230).

This allows either having data stored on nodes of equivalent availability and efficiency or dictating the number of copies of data required to maintain reliability.

Further modifications and improvements may be added without departing from the scope of the invention herein described.

With reference to FIG. 10, duplicate data is removed to maximise the efficient use of the disk space. Prior to the initiation of the data backup process by step (240), the internally generated content hash may be checked for a match against hashes stored on the internet by step (250) or a list of previously backed up data (250). This will allow only one backed up copy of data to be kept. This reduces the network wide requirement to backup data which has the exact same contents. Notification of shared key existence is passed back to the instigating node by step (260) to the access authority check requested, which has to pass for the signed result to be passed back to the storage node. The storage node passes the shared key and database back to the instigating node by step (270).

Such data is backed up via a shared key: after proof of the file existing (260) on the instigating node, the shared key (270) is shared with this instigating node. The location of the data is then passed to the node for later retrieval if required.

This maintains copyright as people can only backup what they prove to have on their systems and not publicly share copyright infringed data openly on the network.

This data may be marked as protected or not protected by step (280), which has a check carried out for protected or non-protected data content. The protected data ignores the sharing process.

Perpetual Data (FIG. 1—PT1 and FIG. 11)

According to a related aspect of this invention, a file is chunked or split into constituent parts (1). This process involves calculating the chunk size, preferably from known data such as the first few bytes of the hash of the file itself and preferably using a modulo division technique to resolve a figure between the optimum minimum and optimum maximum chunk sizes for network transmission and storage.

Preferably each chunk is then encrypted and obfuscated in some manner to protect the data. Preferably a search of the network is carried out looking for values relating to the content hash of each of the chunks (2).

If this is found (4) then the other chunks are identified too; failure to identify all chunks may mean there is a collision on the network of file names or some other machine is in the process of backing up the same file. A back-off time is calculated to check again for the other chunks. If all chunks are on the network the file is considered backed up and the user will add their MID signature to the file after preferably a challenge response to ensure they are a valid user and have enough resources to do this.

If no chunks are on the net the user, preferably via another node (3), will request the saving of the first copy (preferably in distinct time zones or by another geographically dispersing method).

The chunk will be stored (5) on a storage node allowing us to see the PMID of the storing node and store this.

Then preferably a key.value pair of chunkid.public key of the initiator is written to the net, creating a Chunk ID (CID) (6).
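The chunking described for FIG. 7 and in step (1) above, as an added example that is not the page's or maidsafe.net's code: chunk sizes are resolved by modulo division from the file hash into a constructed [MIN_CHUNK, MAX_CHUNK] band (the page gives no optimum bounds; one size per chunk is derived here so the sizes vary, which generalises the "first few bytes of the hash" rule), each chunk is compressed and renamed with the hash of its contents, a data map is built from those names, and reassembly refuses any chunk whose hash disagrees with its name. The encryption step is left out, and the reversible renaming of extra copies uses a bit rotation (an assumption) in place of a plain shift.

```python
import hashlib
import hmac
import zlib

MIN_CHUNK, MAX_CHUNK = 1024, 4096  # constructed optimum bounds; the page names none


def plan_chunk_sizes(file_hash: bytes, total: int, lo: int = MIN_CHUNK, hi: int = MAX_CHUNK):
    """One size per chunk, lo <= size <= hi, by modulo division of bytes derived from
    the file hash (re-hashed with the chunk index so the plan is reproducible from the
    file hash alone while successive chunks get different sizes)."""
    sizes, index = [], 0
    while total > 0:
        seed = hashlib.sha1(file_hash + index.to_bytes(4, "big")).digest()[:4]
        size = lo + int.from_bytes(seed, "big") % (hi - lo + 1)
        size = min(size, total)  # the final chunk carries whatever is left
        sizes.append(size)
        total -= size
        index += 1
    return sizes


def chunk_file(data: bytes):
    """Split, compress and hash-name each chunk; returns (data map, local chunk store)."""
    file_hash = hashlib.sha1(data).digest()
    data_map = {"file_hash": file_hash.hex(), "chunks": []}
    store, offset = {}, 0
    for size in plan_chunk_sizes(file_hash, len(data)):
        payload = zlib.compress(data[offset:offset + size])  # encryption step omitted here
        name = hashlib.sha1(payload).hexdigest()             # chunk renamed with hash of contents
        store[name] = payload
        data_map["chunks"].append({"name": name, "offset": offset, "size": size})
        offset += size
    return data_map, store


def verify_chunk(name: str, payload: bytes) -> bool:
    """Validity/tamper check: the content hash must equal the chunk's name."""
    return hmac.compare_digest(hashlib.sha1(payload).hexdigest(), name)


def reassemble(data_map: dict, store: dict) -> bytes:
    """Rebuild the file from the data map, refusing any chunk that fails its hash check."""
    out = bytearray()
    for entry in data_map["chunks"]:
        payload = store.get(entry["name"])
        if payload is None or not verify_chunk(entry["name"], payload):
            raise ValueError(f"chunk {entry['name'][:8]} missing or tampered")
        piece = zlib.decompress(payload)
        if len(piece) != entry["size"]:
            raise ValueError("chunk length disagrees with the data map")
        out += piece
    if hashlib.sha1(out).hexdigest() != data_map["file_hash"]:
        raise ValueError("reassembled file does not match the file hash")
    return bytes(out)


def alternate_name(name_hex: str, places: int = 1) -> str:
    """Known, reproducible renaming for further copies of identical content so they do
    not collide: rotate the first 32 bits of the name (reversible, unlike a plain shift)."""
    head = int(name_hex[:8], 16)
    rotated = ((head << places) & 0xFFFFFFFF) | (head >> (32 - places))
    return f"{rotated:08x}" + name_hex[8:]
```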

Storage and Retrieval (FIG. 1—P4)

According to a related aspect of this invention, the data is stored in multiple locations. Each location stores the locations of its peers that hold identical chunks (at least identical in content) and they all communicate regularly to ascertain the health of the data. The preferable method is as follows:

Preferably the data is copied to at least three disparate locations.

Preferably each copy is performed via many nodes to mask the initiator.

Preferably each local copy is checked for validity and checks are made that the preferably other 2 copies are also still valid.

Preferably any single node failure initiates a replacement copy being made in another disparate location and the other associated copies are updated to reflect this change.

Preferably the steps of storing and retrieving are carried out via other network nodes to mask the initiator.

Preferably, the method further comprises the step of renaming all files with a hash of their contents.

Preferably each chunk may alter its name by a known process such as a binary shift left of a section of the data. This allows the same content to exist but also allows the chunks to appear as three different bits of data for the sake of not colliding on the network.

Preferably each chunk has a counter attached to it that allows the network to understand easily just how many users are attached to the chunk—either by sharing or otherwise. A user requesting a ‘chunk forget’ will initiate a system question if they are the only user using the chunk and if so the chunk will be deleted and the user's required disk space reduced accordingly. This allows users to remove files no longer required and free up local disk space. Any file also being shared is preferably removed from the user's quota and the user's database record or data map (see later) is deleted.

Preferably this counter is digitally signed by each node sharing the data and therefore will require a signed ‘forget’ or ‘delete’ command. Preferably even ‘store’, ‘put’, ‘retrieve’ and ‘get’ commands should also be either digitally signed or preferably go through a PKI challenge response mechanism.

To ensure fairness preferably this method will be monitored by a supernode or similar to ensure the user has not simply copied the data map for later use without giving up the disk space for it. Therefore the user's private ID public key will be used to request the forget chunk statement. This will be used to indicate the user's acceptance of the ‘chunk forget’ command and allow the user to recover the disk space. Any requests against the chunk will preferably be signed with this key and consequently rejected unless the user's system gives up the space required to access this file.

Preferably each user storing a chunk will append their signed request to the end of the chunk in an identifiable manner, i.e. prefixed with 80 or similar.

Forgetting the chunk means the signature is removed from the file. This again is done via a signed request from the storage node as with the original backup request.

Preferably this signed request is another small chunk stored at the same location as the data chunk with an appended postfix to the chunk identifier to show a private ID is storing this chunk. Any attempt by somebody else to download the file is rejected unless they first subscribe to it, i.e. a chunk is called 12345 so a file is saved called 12345 <signed store request>. This will allow files to be forgotten when all signatories to the chunk are gone. A user will send a signed ‘no store’ or ‘forget’ and their ID chunk will be removed, and in addition if they are the last user storing that chunk, the chunk is removed. Preferably this will allow a private anonymous message to be sent upon chunk failure or damage, allowing a proactive approach to maintaining clean data.

Preferably as a node fails the other nodes can send a message to all sharers of the chunk to identify the new location of the replacement chunk.

Preferably any node attaching to a file then downloading immediately should be considered an alert and the system may take steps to slow down this node's activity or even halt it to protect against data theft.

Chunk Checks: (FIG. 1—P9 and FIG. 12)

1. Storage node containing chunk 1 checks its peers. As each peer is checked it reciprocates the check. These checks are split into preferably 2 types:

    -   a. Availability check (i.e. simple network ping)
    -   b. Data integrity check—in this instance the checking node takes a chunk and appends random data to it and takes a hash of the result. It then sends the random data to the node being checked and requests the hash of the chunk with the random data appended. The result is compared with the known result and the chunk will be assessed as either healthy or not. If not, further checks with other nodes occur to find the bad node.

2. There may be multiple storage nodes depending on the rating of machines and other factors. The above checking is carried out by all nodes from 1 to n (where n is the total number of storage nodes selected for the chunk). Obviously a poorly rated node will be required to give up disk space in relation to the number of chunks being stored to allow perpetual data to exist. This is a penalty paid by nodes that are switched off.

3. The user who stored the chunk will check on a chunk from 1 storage node randomly selected. This check will ensure the integrity of the chunk and also ensure there are at least 10 other signatures existing already for the chunk. If there are not and the user's ID is not listed, the user signs the chunk.

4. This shows another example of another user checking the chunk. Note that the user checks X (40 days in this diagram) are always at least 75% of the forget time retention (Y) (i.e. when a chunk is forgotten by all signatories it is retained for a period of time Y). This is another algorithm that will continually develop.

Storage of Additional Chunks: (FIG. 12)

1. The maidsafe.net program with a user logged in (so a MID exists) has chunked a file. It has already stored a chunk and is now looking to store additional chunks. Therefore a Chunk ID (CID) should exist on the net. This process retrieves this CID.

2. The CID as shown in storing the initial chunk contains the chunk name and any public keys that are sharing the chunk. In this instance it should only be our key as we are the first ones storing the chunks (others would be in a back-off period to see if we back other chunks up). We shift the last bit (it could be any function on any bit as long as we can replicate it).

3. We then check we won't collide with any other stored chunk on the net—i.e. it does a CID search again.

4. We then issue our broadcast to our supernodes (i.e. the supernodes we are connected to) stating we need to store X bytes and any other information about where we require to store it (geographically in our case—time zone (TZ)).

5. The supernode network finds a storage location for us with the correct rank etc.

6. The chunk is stored after a successful challenge response, i.e. in the maidsafe.net network MIDs will require to ensure they are talking or dealing with validated nodes, so to accomplish this a challenge process is carried out as follows: sender [S], receiver [R]

    -   [S] I wish to communicate (store, retrieve, forget data etc.) and I am MAID
    -   [R] retrieves the MAID public key from the DHT and encrypts a challenge (possibly a very large number encrypted with the public key retrieved)
    -   [S] gets the key, decrypts, and encrypts [R]'s answer with his own challenge number, also encrypted with [R]'s public key
    -   [R] receives the response, decrypts his challenge and passes back the answer encrypted again with [S]'s public key (communication is now authenticated between these two nodes.)

7. The CID is then updated with the second chunk name and the location it is stored at. This process is repeated for as many copies of a chunk as are required.

8. Copies of chunks will be dependent on many factors including file popularity (popular files may require to be more dispersed closer to nodes and have more copies). Very poorly ranked machines may require an increased amount of chunks to ensure they can be retrieved at any time (poorly ranked machines will therefore have to give up more space).

Security Availability (FIG. 1—P3)

According to a related aspect of this invention, each file is split into small chunks and encrypted to provide security for the data. Only the person or the group, to whom the overall data belongs, will know the location of the other related but dissimilar chunks of data.

Preferably, each of the above chunks does not contain location information for any other dissimilar chunks, which provides for security of data content, a basis for integrity checking and redundancy.

Preferably, the method further comprises the step of only allowing the person (or group) to whom the data belongs to have access to it, preferably via a shared encryption technique which allows persistence of data.

Preferably, the checking of data or chunks of data between machines is carried out via any presence type protocol such as a distributed hash table network.

Preferably, on the occasion when all data chunks have been relocated, i.e. the user has not logged on for a while, a redirection record is created and stored in the super node network (a three copy process—similar to data); therefore when a user requests a check, the redirection record is given to the user to update their database, which provides efficiency that in turn allows data resilience in cases where network churn is a problem as in peer to peer or distributed networks. This system message can preferably be passed via the messenger system described herein.

Preferably the system may simply allow a user to search for his chunks and, through a challenge response mechanism, locate and authenticate himself to have authority to get/forget this chunk.

Further, users can decide on various modes of operation, preferably such as maintaining a local copy of all files on their local machine, unencrypted or chunked, or chunking and encrypting even local files to secure the machine (preferably referred to as off line mode operation), or indeed users may decide to remove all local data and rely completely on preferably maidsafe.net or a similar system to secure their data.

Self Healing (FIG. 1—P2)

According to a related aspect of this invention, a self healing network method is provided via the following process:

    -   As data or chunks become invalid, data is ignored from that location.
    -   Data or chunks are recreated in a new and safer location.
    -   The original location is marked as bad.
    -   Peers note this condition and add the bad location to a watch list.

This will prevent the introduction of viruses, worms etc. and will allow faulty machines/equipment to be identified automatically.

Preferably, the network layer will use SSL or TLS channel encryption to prevent unauthorised access or snooping.

Self Healing (FIG. 13)

1. A data element called a Chunk ID (CID) is created for each chunk. Added to this is the ‘also stored at’ MID for the other identical chunks. The other chunk names are also here as they may be renamed slightly (i.e. by bit shifting a part of the name in a manner that is calculable).

2. All storing nodes (related to this chunk) have a copy of this CID file or can access it at any stage from the DHT network, giving each node knowledge of all others.

3. Each of the storage nodes has its own copy of the chunk.

4. Each node queries its partner's availability at frequent intervals. On less frequent intervals a chunk health check is requested. This involves a node creating some random data, appending this to its chunk and taking the hash. The partner node will be requested to take the random data and do likewise and return the hash result. This result is checked against the result the initiator had and the chunk is then deemed healthy or not. Further tests can be done as each node knows the hash their chunk should create and can self check in that manner on error and report a dirty node.

5. Now we have a node fail (creating a dirty chunk)

6. The first node to note this carries out a broadcast to other nodes to say it is requesting a move of the data.

7. The other nodes agree to have the CID updated (they may carry out their own check to confirm this).

8. A broadcast is sent to the supernode network closest to the storage node that failed, to state a re-storage requirement.

9. The supernode network picks up the request.

10. The request is to the supernode network to store x amount of data at a rank of y.

11. A supernode will reply with a location.

12. The storage node and new location carry out a challenge response request to validate each other.

13. The chunk is stored and the CID is updated and signed by the three or more nodes storing the chunk.
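The nonce-appended integrity check (Chunk Checks item 1b and FIG. 13 step 4) and the self healing that follows a failed check (FIG. 5, FIG. 8, the Self Healing list and FIG. 13 steps 5-13), modelled together as an added example that is not the page's or maidsafe.net's code. Assumptions: the chunk name is its SHA-1 content hash and serves as the known-good value for the self check, an offline partner counts as a failed check, the supernode network is a stand-in that hands out a spare location of sufficient rank, and "signing" the updated CID is recorded as the set of holder PMIDs (no PKI here).

```python
import hashlib
import os


def chunk_name(payload: bytes) -> str:
    """A chunk's name is its content hash, the 'known good' value every holder can check."""
    return hashlib.sha1(payload).hexdigest()


class StorageNode:
    """Leaf node holding chunk copies keyed by name (constructed model)."""

    def __init__(self, pmid: str):
        self.pmid = pmid
        self.chunks = {}
        self.online = True
        self.watch_list = set()  # PMIDs this peer has seen marked bad

    def hash_with_nonce(self, name: str, nonce: bytes):
        """Integrity challenge: hash of this node's copy with the checker's random data appended."""
        if not self.online or name not in self.chunks:
            return None  # unavailable counts as a failed check
        return hashlib.sha1(self.chunks[name] + nonce).hexdigest()

    def self_check(self, name: str) -> bool:
        return self.online and name in self.chunks and chunk_name(self.chunks[name]) == name


class ChunkID:
    """CID: the chunk name plus the 'also stored at' PMIDs of the identical copies."""

    def __init__(self, name: str, stored_at):
        self.name = name
        self.stored_at = list(stored_at)
        self.signed_by = set(stored_at)


class SuperNodeGroup:
    """Stand-in for the supernode network: hands out a spare location of adequate rank."""

    def __init__(self, spares, min_rank: int = 5):
        self.spares = [node for node, rank in spares if rank >= min_rank]

    def location_for(self, exclude):
        for node in self.spares:
            if node.pmid not in exclude:
                return node
        raise RuntimeError("no storage location of sufficient rank available")


def integrity_check(checker: StorageNode, partner: StorageNode, name: str) -> bool:
    """Compare the partner's nonce-appended hash with the checker's own result."""
    nonce = os.urandom(16)
    expected = hashlib.sha1(checker.chunks[name] + nonce).hexdigest()
    return partner.hash_with_nonce(name, nonce) == expected


def check_and_heal(cid: ChunkID, registry: dict, supernodes: SuperNodeGroup) -> set:
    """One checking round for one chunk; returns the PMIDs found dirty. Each bad copy is
    recreated at a new location, the CID is updated and re-signed, and peers add the bad location to their watch lists."""
    nodes = [registry[p] for p in cid.stored_at]
    dirty = set()
    for checker in nodes:
        if not checker.self_check(cid.name):
            continue  # a node whose own copy is bad cannot act as the reference
        for partner in nodes:
            if partner is not checker and not integrity_check(checker, partner, cid.name):
                # Mismatch: further checks against the known-good hash identify the bad node.
                dirty.update(n.pmid for n in (checker, partner) if not n.self_check(cid.name))
    for bad in sorted(dirty):
        good = next((n for n in nodes if n.pmid not in dirty), None)
        if good is None:
            raise RuntimeError("no good copy left to replicate from")
        new = supernodes.location_for(exclude=set(cid.stored_at) | dirty)
        new.chunks[cid.name] = good.chunks[cid.name]  # good copy recreated at a safer location
        registry[new.pmid] = new
        cid.stored_at = [p for p in cid.stored_at if p != bad] + [new.pmid]
        cid.signed_by = set(cid.stored_at)  # holders sign the updated CID
        for n in nodes:
            if n.pmid != bad:
                n.watch_list.add(bad)  # peers note the bad location
    return dirty


def demo() -> dict:
    """Constructed scenario: three copies, one bit-flipped, one spare location of rank 7."""
    payload = b"constructed chunk payload " * 8
    name = chunk_name(payload)
    a, b, c, d = (StorageNode(p) for p in ("pmid-A", "pmid-B", "pmid-C", "pmid-D"))
    for node in (a, b, c):
        node.chunks[name] = payload
    b.chunks[name] = payload[:-1] + bytes([payload[-1] ^ 0x01])  # silent corruption on B
    registry = {n.pmid: n for n in (a, b, c)}
    cid = ChunkID(name, ["pmid-A", "pmid-B", "pmid-C"])
    dirty = check_and_heal(cid, registry, SuperNodeGroup([(d, 7)]))
    return {"dirty": dirty, "stored_at": cid.stored_at, "d_ok": d.self_check(name),
            "watch": a.watch_list, "signed_by": cid.signed_by}
```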

Peer Ranking (FIG. 1—P1)

According to a related aspect of this invention, there is the addition of a peer ranking mechanism, where each node (leaf node) monitors its own peer node's resources and availability in a scalable manner. Nodes constantly perform this monitoring function.

Each data store (whether a network service, physical drive etc.) is monitored for availability. A ranking figure is appended and signed by the supply of a key from the monitoring super node, this being preferably agreed by more super nodes to establish a consensus before altering the ranking of the node. Preferably, the new rank will be appended to the node address or by a similar mechanism to allow the node to be managed in terms of what is stored there and how many copies there have to be of the data for it to be seen as perpetual.

Each piece of data is checked via a content hashing mechanism. This is preferably carried out by the storage node itself or by its partner nodes via super nodes or by an instigating node via super nodes by retrieving and running the hashing algorithm against that piece of data.

Preferably, as a peer (whether an instigating node or a partner peer (i.e. one that has the same chunk)) checks the data, the super node querying the storage peer will respond with the result of the integrity check and update this status on the storage peer. The instigating node or partner peer will decide to forget this data and will replicate it in a more suitable location. If data fails the integrity check, the node itself will be marked as ‘dirty’ and this status will preferably be appended to the node's address for further checks on other data to take this into account. Preferably a certain percentage of dirty data being established may conclude that this node is compromised or otherwise damaged and the network would be informed of this. At that point the node will be removed from the network except for the purpose of sending it warning messages.

In general, the node ranking figure will take into account at least: availability of the network connection, availability of resources, time on the network with a rank (later useful for an effort based trust model), amount of resource (including network resources) and also the connectivity capabilities of any node (i.e. directly or indirectly contactable).

This then allows data to be stored on nodes of equivalent availability and efficiency, and to determine the number of copies of data required to maintain reliability.

Aput: (FIG. 15)

Here the MID is the MID of the machine saving data to the net and the PMID is the ID of the storage node chunk server. The communication is therefore between a maidsafe.net application with a logged in user (to provide MID) and a chunking system on the net somewhere (storage node).

1. A message signed with a user's MID (checked by getting the MAID packet from the net) is received requesting storage of a data chunk.

2. This message is a specific message stating the storage node's ID (PMID) and the chunk name to be saved and signed (i.e. this is a unique message).

3. The chunk server decides if it will store the chunk.

4. A signed message is returned stating if PMID will store this chunk(chunkID).

5. The chunk is stored and checked (SHA check)

6. A message is sent back to state that the chunk is saved and is ok.This is signed by the PMID of the chunk server.

7. The chunk server awaits the locations of the other identical chunks.

8. Locations of the identical chunks returned to the chunk server signedwith the MID.

9. Each storage node is contacted and public keys exchanged (PMIDs)

10. The chunk checking process is initiated.

Aforget (FIG. 16)

1. A user has requested that a file should be deleted from his backup(forgotten). The system signs a request using the user MID.

2. The request is sent to a chunk server (storage node).

3. The storage node picks up the request

4. The storage node sends the signed request to the other storage nodesthat have this chunk.

5. The MID is checked as being on the list of MIDs that are watching thechunk (remember only a few—20 in our case are ever listed)

6. The other storage nodes are notified of this.

7. If this is the only MID listed then all owners are possibly gone.

8. Chunk delete times begins, this timer will always be higher than auser check interval—i.e. timer of 60 days—user check interval 40 days.

9. This information is also passed to other storage nodes.
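The Aput and Aforget exchanges above, worked through as an added example; this is illustrative code written for this page, not maidsafe.net's own implementation. It assumes a chunk server holding a PMID key pair that looks up MAID packets in an in-memory stand-in for the network, applies the SHA check on receipt, keeps at most 20 watching MIDs per chunk and starts the 60-day delete timer when the last watcher forgets. The RSA keys are toy pairs built from fixed, well-known Mersenne primes so the code runs on the Python standard library alone, and the `op` field in each signed message is an assumption added so that a stored put signature cannot be replayed as a forget.

```python
import hashlib
import json

E = 65537  # RSA public exponent

def toy_keypair(p, q):
    """Toy RSA pair from two fixed Mersenne primes (constructed so the example runs on the
    standard library; a real node generates fresh keys)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}

def canon(msg):
    """Canonical encoding so signer and verifier hash identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()

def sign(priv, msg):
    return pow(int.from_bytes(hashlib.sha256(canon(msg)).digest(), "big"), priv["d"], priv["n"])

def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == int.from_bytes(hashlib.sha256(canon(msg)).digest(), "big")

def node_id(pub):
    return hashlib.sha256(pub["n"].to_bytes(128, "big")).hexdigest()  # an ID is the hash of its public key

class Net:
    """Stand-in for the network: MAID packets map an ID to its public key."""
    def __init__(self):
        self.maid = {}
    def publish(self, pub):
        self.maid[node_id(pub)] = pub

class ChunkServer:
    MAX_WATCHERS = 20            # page: only a few (20) MIDs are ever listed per chunk
    CHECK_INTERVAL = 40 * 86400  # page: 40-day user check interval
    DELETE_TIMER = 60 * 86400    # page: 60-day delete timer, always above the check interval

    def __init__(self, net, pub, priv, free_space=1_000_000):
        self.net, self.pub, self.priv = net, pub, priv
        self.pmid = node_id(pub)
        self.free_space = free_space
        self.store = {}  # chunk name -> {"data", "watchers", "delete_at"}

    def _signed_by_mid(self, msg, sig):
        """Aput step 1: fetch the MAID packet for the claimed MID and check the signature."""
        pub = self.net.maid.get(msg.get("mid"))
        return pub is not None and verify(pub, msg, sig)

    def _reply(self, body):  # every reply names the PMID and is signed with the server key
        body = dict(body, pmid=self.pmid)
        return body, sign(self.priv, body)

    def handle_put(self, req, sig, size):
        """Steps 1-4: the request names this PMID and the chunk, so the signature is unique to it."""
        if not self._signed_by_mid(req, sig) or req.get("pmid") != self.pmid or req.get("op") != "put":
            return self._reply({"chunk": req.get("chunk"), "accept": False})
        return self._reply({"chunk": req["chunk"], "accept": size <= self.free_space})

    def receive_chunk(self, req, data):
        """Steps 5-6: keep the data only if it hashes to the agreed chunk name (the SHA check)."""
        name = hashlib.sha256(data).hexdigest()
        if name != req["chunk"]:
            return self._reply({"chunk": req["chunk"], "stored": False})
        if name not in self.store:
            self.store[name] = {"data": data, "watchers": [], "delete_at": None}
            self.free_space -= len(data)
        entry = self.store[name]
        entry["delete_at"] = None  # a (re)registered owner cancels any pending delete
        if req["mid"] not in entry["watchers"] and len(entry["watchers"]) < self.MAX_WATCHERS:
            entry["watchers"].append(req["mid"])
        return self._reply({"chunk": name, "stored": True})

    def handle_forget(self, req, sig, now):
        """Aforget steps 1-8: only a MID on the watcher list may forget; when the list empties the
        delete timer starts, so an unlisted owner still has a full check interval to re-register."""
        if not self._signed_by_mid(req, sig) or req.get("op") != "forget":
            return "rejected"
        entry = self.store.get(req.get("chunk"))
        if entry is None or req["mid"] not in entry["watchers"]:
            return "ignored"
        entry["watchers"].remove(req["mid"])
        if entry["watchers"]:
            return "watcher removed"
        entry["delete_at"] = now + self.DELETE_TIMER
        return "timer started"

    def expire(self, now):
        """Drop chunks whose delete timer has run out; returns the names removed."""
        gone = [n for n, e in self.store.items() if e["delete_at"] is not None and e["delete_at"] <= now]
        for n in gone:
            self.free_space += len(self.store.pop(n)["data"])
        return gone

def demo():
    """Walks one chunk through Aput, a forged request, a replayed signature and Aforget."""
    net = Net()
    user_pub, user_priv = toy_keypair(2**127 - 1, 2**521 - 1)  # MID key pair (toy primes)
    srv_pub, srv_priv = toy_keypair(2**89 - 1, 2**607 - 1)     # PMID key pair (toy primes)
    net.publish(user_pub)
    net.publish(srv_pub)
    server = ChunkServer(net, srv_pub, srv_priv)
    chunk = b"constructed chunk contents for the Aput example"
    name = hashlib.sha256(chunk).hexdigest()
    put = {"op": "put", "mid": node_id(user_pub), "pmid": server.pmid, "chunk": name}
    put_sig = sign(user_priv, put)
    offer, offer_sig = server.handle_put(put, put_sig, len(chunk))
    ack, ack_sig = server.receive_chunk(put, chunk)
    forged, _ = server.handle_put(put, sign(srv_priv, put), len(chunk))  # signed with the wrong key
    forget = {"op": "forget", "mid": put["mid"], "chunk": name}
    replay = server.handle_forget(forget, put_sig, 0)  # put signature reused on a forget
    status = server.handle_forget(forget, sign(user_priv, forget), 0)
    return {"offer_ok": verify(srv_pub, offer, offer_sig) and offer["accept"],
            "ack_ok": verify(srv_pub, ack, ack_sig) and ack["stored"],
            "forged_rejected": not forged["accept"], "replay": replay, "forget": status,
            "expired_at_check": server.expire(ChunkServer.CHECK_INTERVAL),
            "expired_at_timer": server.expire(ChunkServer.DELETE_TIMER)}
```

Running `demo()` shows the chunk surviving the 40-day check point and disappearing only once the 60-day timer has run, which is the ordering the text insists on so that an owner who was never on the watcher list still gets a full check interval to re-register.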

Duplicate Removal (FIG. 1—P5)

According to a related aspect of this invention, prior to data being backed up, the content hash may be checked against a list of previously backed up data. This will allow only one backed up copy of data to be kept, thereby reducing the network wide requirement to backup data that has the exact same content. Preferably this will be done via a simple search for the existence on the net of all chunks of a particular file.

Preferably such data is backed up via a shared key or a mechanism of appending keys to chunks of data. After proof of the file existing on the instigating node, the shared key is shared with the instigating node and the storing node issues a challenge response to add their ID to the pool if it is capable of carrying out actions on the file such as get/forget (delete). The location of the data is then passed to the node for later retrieval if required.

This maintains copyright, as people can only backup what they prove to have on their systems and cannot easily share copyright infringing data openly on the network.

Preferably, data may be marked as protected or not protected. Preferably protected data ignores the sharing process.

Chunking (FIG. 1—P7)

According to a related aspect of this invention, files are split into several component parts, preferably using an algorithm to work out the chunk size. The size of the parts is preferably worked out from known information about the file as a whole, preferably the hash of the complete file. This information is run through an algorithm such as adding together the first x bits of the known information and using modulo division to give a chunk size that allows the file to preferably split into at least three parts.

Preferably known information from each chunk is used as an encryption key. This is preferably done by taking a hash of each chunk and using this as the input to an encryption algorithm to encrypt another chunk in the file. Preferably this is a symmetrical algorithm such as AES256.

Preferably this key is input into a password creating algorithm such as PBKDF and an initial vector and key calculated from that. Preferably the iteration count for the PBKDF is calculated from another piece of known information, preferably the sum of bits of another chunk or similar.

Preferably each initial chunk hash and the final hash after encryption are stored somewhere for later decryption.

Self Encrypting Files (FIG. 1—PT2 and FIG. 17)

1. Take a content hash of a file or data element.

2. Chunk the file with preferably a random but calculable size, i.e. based on an algorithm of the content hash (to allow recovery of the file). Also obfuscate the file as in 3.

3. Obfuscate the chunks to ensure safety even if the encryption is eventually broken (as with all encryption, given enough processing power and time):

a. chunk 1 byte 1 swapped with byte 1 of chunk 2

b. chunk 2 byte 2 swapped with byte 1 of chunk 3

c. chunk 3 byte 2 swapped with byte 2 of chunk 1

d. This repeats until all bytes are swapped and then repeats the same number of times as there are chunks, with each iteration making the next chunk the first one

e. i.e. the second time round chunk 2 is the starting position

4. Take a hash of each chunk and rename the chunk with its hash.

5. Take h2 and the first x bytes of h3 (6 in our example case) and either use modulo division or similar to get a random number between two fixed parameters (in our case 1000) to get a variable number. Use the above random number and h2 as the encryption key to encrypt h1, or use h2 and the random number as inputs to another algorithm (PBKDF2 in our case) to create a key and IV (initialisation vector).

6. This process may be repeated multiple times to dilute any key throughout a series of chunks.

7. The chunk names, i.e. h1 (unencrypted) and h1c (and likewise for each chunk), are written to a location for later recovery of the data. Added to this, we can simply update such a location with new chunks if a file has been altered, thereby creating a revision control system where each file can be rebuilt to any previous state.

8. The existence of the chunk will be checked on the net to ensure it is not already backed up. All chunks may be checked at this time.

9. If a chunk exists all chunks must be checked for existence.

10. The chunk is saved.

11. The file is marked as backed up.

12. If a collision is detected the process is redone, altering the original size algorithm (2) to create a new chunk set; each system will be aware of this technique and will do the exact same process until a series of chunks does not collide. There will be a back off period here to ensure the chunks are not merely incomplete because another system is backing up the same file. The original chunk set will be checked frequently in case there are false chunks or ones that have been forgotten. If the original names become available the file is reworked using these parameters.

Duplicate Removal (FIG. 1—P5)

According to a related aspect of this invention, data chunked and ready for storing can be stored on a distributed network, but a search should preferably be carried out for the existence of all associated chunks created. Preferably the locations of the chunks have the same ranking (from the earlier ranking system) as the user or better, otherwise the existing chunks on the net are promoted to a location of at least equivalent rank. If all chunks exist then the file is considered as already backed up. If less than all chunks exist then this will preferably be considered as a collision (after a time period) and the file will be rechunked using the secondary algorithms (preferably just adjusted file sizes). This allows duplicate files on any 2 or more machines to be backed up only once, although through perpetual data several copies will exist of each file; this is limited to an amount that will maintain perpetual data.
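The existence check and collision handling described in both Duplicate Removal passages, as an added example written for this page rather than code from the applicant. It assumes an in-memory set standing in for the chunk names already on the net, a chunk count of 3 to 15 derived from the file hash, and that the secondary algorithm is a size adjustment driven by a `variant` counter; the back-off before a partial match is declared a collision is a callback that does nothing here.

```python
import hashlib

def chunk_names(data: bytes, variant: int = 0):
    """Chunk the data and name each chunk by its content hash. The number of parts comes from
    the file's own hash (3 to 15 here, an assumed range); `variant` is the adjustment the
    secondary algorithm makes to the sizes once a collision has been declared."""
    h = hashlib.sha256(data).digest()
    parts = 3 + (sum(h[:4]) + variant) % 13
    size = -(-len(data) // parts)  # ceiling division
    return [hashlib.sha256(data[i:i + size]).hexdigest() for i in range(0, len(data), size)]

def plan_backup(data: bytes, network: set, recheck=lambda: None, max_variants: int = 8):
    """Decide what backing up `data` needs, given the chunk names already on the net.
    Returns (decision, variant, names) where decision is:
      'exists'  - every chunk is already there: the file counts as backed up, nothing is stored;
      'store'   - no chunk is there: store the whole set;
      'give up' - partial matches persisted through every size variant."""
    for variant in range(max_variants):
        names = chunk_names(data, variant)
        present = sum(n in network for n in names)
        if present == len(names):
            return "exists", variant, names
        if present == 0:
            return "store", variant, names
        # Some but not all chunks exist: either another machine is part way through backing
        # up the same file, or a genuine name collision. Back off, look again, and only then
        # treat it as a collision and move to the next size variant.
        recheck()
        if all(n in network for n in names):
            return "exists", variant, names
    return "give up", max_variants, []

def backup(data: bytes, network: set):
    """Run the plan and store chunks when needed; returns the decision and the variant used."""
    decision, variant, names = plan_backup(data, network)
    if decision == "store":
        network.update(names)
    return decision, variant

def demo():
    net = set()                            # stand-in for chunk names known on the net
    file_a = bytes(range(200)) * 3         # constructed sample files
    file_b = b"constructed second file " * 40
    first = backup(file_a, net)            # ('store', 0)
    again = backup(file_a, net)            # ('exists', 0): a duplicate is not stored twice
    net.add(chunk_names(file_b)[0])        # a stray chunk of file_b, e.g. left by a partial backup
    partial = backup(file_b, net)          # ('store', 1): rechunked after the partial match
    return {"first": first, "again": again, "partial": partial,
            "b_names_differ": chunk_names(file_b, 1) != chunk_names(file_b, 0)}
```

The third call is the edge case the text spends most words on: one of file_b's chunks is already present, so the file is neither "backed up" nor safe to store under its first set of names, and only after the re-check does the planner move to the adjusted sizes.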

Encrypt-Decrypt (FIG. 1—P8)

According to a related aspect of this invention, the actual encrypting and decrypting is carried out via knowledge of the file's content and this is somehow maintained (see next). Keys will be generated and preferably stored for decrypting. Actually encrypting the file will preferably include a compression process and further obfuscation methods. Preferably the chunk will be stored with a known hash, preferably based on the contents of that chunk.

Decrypting the file will preferably require the collation of all chunks and rebuilding of the file itself. The file may preferably have its content mixed up by an obfuscation technique rendering each chunk useless on its own.

Preferably every file will go through a process of byte (or preferably bit) swapping between its chunks to ensure the original file is rendered useless without all chunks.

This process will preferably involve running an algorithm which preferably takes the chunk size and then distributes the bytes in a pseudo random manner, preferably taking the number of chunks and using this as an iteration count for the process. This will preferably protect data even in the event of somebody getting hold of the encryption keys, as the chunk's data is rendered useless even if transmitted in the open without encryption.

This defends against somebody copying all data and storing it for many years until decryption of today's algorithms is possible, although this is many years away.

This also defends against somebody who, instead of attempting to decrypt a chunk by creating the enormous number of keys possible (in the region of 2^54), instead creates the keys and presents chunks to all keys; if this were possible (which is unlikely) a chunk would decrypt. The process defined here makes this attempt useless.

All data will now be considered to be diluted throughout the original chunks and preferably additions to this algorithm will only strengthen the process.
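A runnable rendering of the Chunking section, the Self Encrypting Files steps and the byte-swap obfuscation described under Encrypt-Decrypt, added here as an example written for this page (not the applicant's code). Assumptions: the chunk count is 3 to 15, picked from the file hash; the swap schedule is one reading of step 3 (byte i of chunk k exchanged with byte i of chunk k+1 around the ring, one pass per chunk, each pass starting one chunk further on); the PBKDF2 iteration count is 1000 plus the first 6 bytes of the chunk-after-next hash reduced modulo 1000; and a SHA-256 keystream stands in for the AES256 the text names, so that the example needs nothing beyond the standard library. The example also generalises step 5 to every chunk: chunk i is keyed from the hashes of chunks i+1 and i+2, which is exactly why the text wants at least three parts.

```python
import hashlib

def chunk_size_from_hash(file_hash: bytes, length: int, variant: int = 0) -> int:
    """Size worked out from the file's own hash: sum its first 4 bytes, reduce modulo a small
    range to pick 3 to 15 parts (an assumed range), then size the chunks to give that many.
    `variant` is the adjustment made when step 12 detects a collision."""
    parts = 3 + (sum(file_hash[:4]) + variant) % 13
    return -(-length // parts)  # ceiling division

def _swap_schedule(lengths):
    """Byte-swap schedule read from step 3: byte i of chunk k is exchanged with byte i of
    chunk k+1 around the ring, one pass per chunk, each pass starting one chunk further on."""
    n, ops = len(lengths), []
    for start in range(n):
        for k in range(n):
            a, b = (start + k) % n, (start + k + 1) % n
            ops.extend((a, b, i) for i in range(min(lengths[a], lengths[b])))
    return ops

def obfuscate(chunks, undo=False):
    """Every swap is its own inverse, so undoing means replaying the schedule backwards."""
    bufs = [bytearray(c) for c in chunks]
    ops = _swap_schedule([len(c) for c in chunks])
    for a, b, i in (reversed(ops) if undo else ops):
        bufs[a][i], bufs[b][i] = bufs[b][i], bufs[a][i]
    return [bytes(b) for b in bufs]

def derive_key_iv(h_next: bytes, h_after: bytes):
    """Step 5: the first 6 bytes of the chunk-after-next's hash give a number in a window of 1000
    used as the PBKDF2 iteration count; PBKDF2 over the next chunk's hash yields key and IV."""
    iterations = 1000 + int.from_bytes(h_after[:6], "big") % 1000
    material = hashlib.pbkdf2_hmac("sha256", h_next, h_after, iterations, dklen=48)
    return material[:32], material[32:]

def stream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Keystream stand-in for the AES256 the text names (used so the example needs only the
    standard library): SHA-256(key || iv || block counter) XORed over each 32-byte block."""
    out = bytearray()
    for pos in range(0, len(data), 32):
        ks = hashlib.sha256(key + iv + pos.to_bytes(8, "big")).digest()
        out.extend(x ^ k for x, k in zip(data[pos:pos + 32], ks))
    return bytes(out)

def self_encrypt(data: bytes, variant: int = 0):
    """Steps 1-7: returns the data map and a dict of final chunk name -> ciphertext."""
    if len(data) < 64:
        raise ValueError("too small to split into at least three chunks (assumed floor)")
    file_hash = hashlib.sha256(data).digest()                                  # step 1
    size = chunk_size_from_hash(file_hash, len(data), variant)                 # step 2
    chunks = obfuscate([data[i:i + size] for i in range(0, len(data), size)])  # step 3
    hashes = [hashlib.sha256(c).digest() for c in chunks]                      # step 4
    n = len(chunks)
    data_map, stored = {"file_hash": file_hash.hex(), "chunks": []}, {}
    for i, c in enumerate(chunks):
        key, iv = derive_key_iv(hashes[(i + 1) % n], hashes[(i + 2) % n])     # needs n >= 3
        ct = stream_xor(key, iv, c)
        final = hashlib.sha256(ct).hexdigest()
        data_map["chunks"].append({"h": hashes[i].hex(), "hc": final})         # step 7
        stored[final] = ct
    return data_map, stored

def self_decrypt(data_map, stored) -> bytes:
    """Rebuild the file from its map: decrypt, check each chunk's hash, undo the swaps, join."""
    hashes = [bytes.fromhex(e["h"]) for e in data_map["chunks"]]
    n, chunks = len(hashes), []
    for i, e in enumerate(data_map["chunks"]):
        key, iv = derive_key_iv(hashes[(i + 1) % n], hashes[(i + 2) % n])
        pt = stream_xor(key, iv, stored[e["hc"]])
        if hashlib.sha256(pt).digest() != hashes[i]:
            raise ValueError(f"chunk {i} failed its integrity check")
        chunks.append(pt)
    data = b"".join(obfuscate(chunks, undo=True))
    if hashlib.sha256(data).hexdigest() != data_map["file_hash"]:
        raise ValueError("rebuilt file does not match its content hash")
    return data

def demo():
    sample = bytes(range(256)) * 5 + b"constructed sample for the self-encryption example"
    data_map, stored = self_encrypt(sample)
    name0 = data_map["chunks"][0]["hc"]
    flipped = bytes([stored[name0][0] ^ 1]) + stored[name0][1:]   # one bit of one chunk altered
    try:
        self_decrypt(data_map, dict(stored, **{name0: flipped}))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"chunks": len(stored), "roundtrip": self_decrypt(data_map, stored) == sample,
            "tamper_detected": tamper_detected,
            "plaintext_leaked": any(ct in sample for ct in stored.values())}
```

The data map is the only thing that needs protecting: it carries each chunk's pre-encryption hash, and those hashes are the key material, so anyone holding only the stored ciphertexts has neither the keys nor, after the byte swaps, a usable chunk even if they did.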

Identify Chunks (FIG. 1—P9)

According to a related aspect of this invention, a chunk's original hash or other calculable unique identifier will be stored. This will be stored with preferably the final chunk name. This aspect defines that each file will have a separate map, preferably a file or database entry, to identify the file and the names of its constituent parts. Preferably this will include local information to users such as original location and rights (such as a read only system etc.). Preferably some of this information can be considered shareable with others, such as filename, content hash and chunk names.

ID Data with Small File (FIG. 1—P11)

According to a related aspect of this invention, these data maps may be very small in relation to the original data itself, allowing transmission of files across networks such as the internet with extreme simplicity, security and bandwidth efficiency. Preferably the transmission of maps will be carried out in a very secure manner, but failure to do this is akin to currently emailing a file in its entirety.

This allows a very small file such as the data map or database record to be shared or maintained by a user in a location not normally large enough to fit a file system of any great size, such as on a PDA or mobile phone. The identification of the chunk names, original names and final names is all that is required to retrieve the chunks and rebuild the file with certainty.

With data maps in place a user's whole machine, or all its data, can exist elsewhere. Simply retrieving the data maps of all data is all that is required to allow the user to have complete visibility and access to all their data as well as any shared files they have agreed to.

Revision Control (FIG. 1—P10)

According to a related aspect of this invention, as data is updated and the map contents alter to reflect the new contents, this will preferably not require the deletion or removal of existing chunks, but instead allow the existing chunks to remain and the map to be appended to with an indication of a new revision existing. Preferably further access to the file will automatically open the last revision unless requested to open an earlier revision.

Preferably revisions of any file can be forgotten or deleted (preferably after checking the file counter or access list of sharers as above). This will allow users to recover space from no longer required revisions.

Create Map of Maps (FIG. 1—P15)

According to a related aspect of this invention, data identifiers, preferably data maps as mentioned earlier, can be appended to each other in a way that preferably allows a single file or database record to identify several files in one as a share. Such a share can be private to the individual, thereby replacing the directory structure of files that users are normally used to with a new structure of shares very similar to volumes or filing cabinets, as this is more in line with normal human nature and should make things simpler.

Share Maps (FIG. 1—P16)

According to a related aspect of this invention, this map of maps will preferably identify the users connected to it via some public ID that is known to each other user, with the map itself being passed to users who agree to join the share. This will preferably be via an encrypted channel such as ms messenger or similar. This map may then be accessed at whatever rank level users have been assigned. Preferably there will be access rights such as read/delete/add/edit as is typically used today. As a map is altered, the user instigating this is checked against the user list in the map to see if this is allowed. If not, the request is ignored, but preferably the users may then save the data themselves to their own database or data maps as a private file or even copy the file to a share they have access rights for. These shares will preferably also exhibit the revision control mechanism described above.

Preferably joining the share will mean that the users subscribe to a shared amount of space and reduce the other subscription, i.e. if a 10 Gb share is created then the individual gives up 10 Gb (or equivalent dependent on system requirements, which may be a multiple or divisor of 10 Gb). Another user joining means they both have a 5 Gb space to give up, and 5 users would mean they all have a 2 Gb or equivalent space to give up. So with more people sharing, requirements on all users reduce.

Shared Access to Private Files (FIG. 1—PT5 and FIG. 18)

1. User 1 logs on to the network.

2. Authenticates ID—i.e. gets access to his public and private keys to sign messages. These should NOT be stored locally but should have been retrieved from a secure location—anonymously and securely.

3. User 1 saves a file as normal (encrypted, obfuscated, chunked, and stored on the net via a signed and anonymous ID). This ID is a special maidsafe.net Share ID (MSID) and is basically a new key pair created purely for interacting with the share users—to mask the user's MID (i.e. it cannot be tied to the MPID via a share). So again the MSID is a key pair and the ID is the hash of the public key—this public key is stored in a chunk named by the hash, signed and put on the net for others to retrieve and confirm that the public key belongs to the hash.

4. User creates a share—which is a data map with some extra elements to cover users and privileges.

5. File data added to the file map is created in the backup process, with one difference: this is a map of maps and may contain many files—see 14.

6. User 2 logs in.

7. User 2 has authentication details (i.e. their private MPID key) and can sign/decrypt with this MPID public key.

8. User 1 sends a share join request to user 2 (shares are invisible on the net—i.e. nobody except the sharers knows they are there).

9. User 1 signs the share request to state he will join the share. He creates his MSID key pair at this time. The signed response includes User 2's MSID public key.

10. The share map is encrypted or sent encrypted (possibly by secure messenger) to User 1 along with the MSID public keys of any users of the share that exist. Note the transmission of the MSID public key may not be required as the MSID chunks are saved on the net as described in 3, so any user can check the public key at any time—this just saves the search operation on that chunk to speed the process up slightly.

11. Each user has details added to the share; these include public name (MPID) and rights (read/write/delete/admin etc.).

12. A description of the share file. Note that as each user saves new chunks he does so with the MSID keys; this means that if a share is deleted or removed the chunks still exist in the user's home database and he can have the option to keep the data maps and files as individual files or simply forget them all.

Note also that as a user opens a file, a lock is transmitted to all other sharers and they will only be allowed to open the file read only—they can request unlock (i.e. another user unlocks the file—meaning it becomes read only). Non-logged in users will have a message buffered for them—if the file is closed the buffered message is deleted (as there is no point in sending it to the user now) and logged in users are updated also.

This will take place using the messenger component of the system to automatically receive messages from share users about shares (but being limited to that).

Provide Public ID (FIG. 1—P17)

According to a related aspect of this invention, a public and private key pair is created for a network where preferably the user is anonymously logged on, and preferably has a changeable pseudo random private ID which is only used for transmission and retrieval of ID blocks giving access to that network.

Preferably this public private key pair will be associated with a public ID. This ID will be transmittable in a relatively harmless way using almost any method, including in the open (email, ftp, www etc.) but preferably in an encrypted form. Preferably this ID should be simple enough to remember, such as a phone number type length. Preferably this ID will be long enough, however, to cope with all the world's population and more; therefore it would preferably be approx 11 characters long.

This ID can be printed on business cards or stationery like a phone number or email address and cannot be linked to the user's private ID by external sources. However, the user's own private information makes this link by storing the data in the ID bit the user retrieves when logging in to the network, or via another equally valid method of secure network authentication.

This ID can then be used in data or resource sharing with others in a more open manner than with the private ID. This keeps the private ID private and allows much improved inter-node or inter-person communications.

Secure Communications (FIG. 1—P18)

According to a related aspect of this invention, the communications between nodes should be both private and validated. This is preferably irrefutable but there should be options for refutable communications if required. For irrefutable communications the user logs on to the network and retrieves their key pair and ID. This is then used to start communications. Preferably the user's system will seek another node to transmit and receive from at random—this adds to the masking of the user's private ID, as the private ID is not used in any handshake with network resources apart from logging in to the network.

As part of the initial handshake between users, a key may be passed. Preferably this is a code passed between users over another communications mechanism in a form such as a pin number known only to the users involved, or it may be as simple as appending the user's name and other info to a communication request packet such as exists in some instant messaging clients today—i.e. David wants to communicate with you: allow/deny/block.

Unlike many communications systems today, this is carried out on a distributed server-less network. This however presents the problem of what to do when users are off line. Today messages are either stopped or stored on a server, and in many cases not encrypted or secured. This invention allows users to have messages securely buffered whilst off line. This is preferably achieved by the node creating a unique identifier for only this session and passing that ID to all known nodes in the user's address book. Users on-line get this immediately; users off-line have this buffered to their last known random ID. This ensures that the ability to snoop on a user's messages is significantly reduced, as people outside the address book have no identifier for the name of the random ID bit the messages are stored to. The random ID bit is preferably used as the first part of the identified buffer file name, and when more messages are stored then another file is saved with the random ID and a number appended to it representing the next sequential available number. Therefore a user will log on and retrieve the messages sequentially. This allows buffered, secured and distributed messaging to exist.
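The random-session-ID buffer described in the paragraph above, as an added example written for this page rather than the system's own implementation. It assumes an in-memory dict in place of chunks on the net, that message bodies arrive already encrypted with the receiver's public key by the caller, and that a session ID is 16 hex characters of a random hash. The same naming pattern (an ID followed by sequential suffixes) serves the MPID.<message 1>.<message 2> form mentioned under ms_messenger further down.

```python
import hashlib
import os

class BufferedMessaging:
    """Server-less offline buffering (constructed example of the scheme described above).
    `net` stands in for chunks stored on the network, keyed by buffer file name; message
    bodies are assumed already encrypted with the receiver's public key by the caller."""
    def __init__(self):
        self.net = {}
        self.address_books = {}  # holder -> {contact: contact's last known session id}

    def login(self, user, contacts):
        """A fresh random ID for this session only, handed to the nodes in the user's address
        book. Anyone outside the book has no name to look for, which is what limits snooping."""
        session_id = hashlib.sha256(os.urandom(32)).hexdigest()[:16]
        for contact in contacts:
            self.address_books.setdefault(contact, {})[user] = session_id
        return session_id

    def send(self, sender, recipient, ciphertext):
        """First message goes to <id>, later ones to <id>.1, <id>.2 ... (next free number)."""
        sid = self.address_books.get(sender, {}).get(recipient)
        if sid is None:
            raise KeyError(f"{sender} holds no session id for {recipient}")
        name, seq = sid, 0
        while name in self.net:
            seq += 1
            name = f"{sid}.{seq}"
        self.net[name] = (sender, ciphertext)
        return name

    def fetch(self, session_id):
        """On login the user reads the buffer back in sequence, stopping at the first gap."""
        messages, name, seq = [], session_id, 0
        while name in self.net:
            messages.append(self.net.pop(name))
            seq += 1
            name = f"{session_id}.{seq}"
        return messages

def demo():
    net = BufferedMessaging()
    alice = net.login("alice", contacts=["bob"])
    first = net.send("bob", "alice", b"<ciphertext 1>")   # constructed; assumed pre-encrypted
    second = net.send("bob", "alice", b"<ciphertext 2>")
    try:
        net.send("mallory", "alice", b"<ciphertext x>")   # not in alice's address book
        outsider_blocked = False
    except KeyError:
        outsider_blocked = True
    fetched = net.fetch(alice)
    return {"names": (first == alice, second == f"{alice}.1"),
            "order": [body for _, body in fetched],
            "drained": net.fetch(alice) == [],
            "outsider_blocked": outsider_blocked}
```

Because the buffer name is handed out only to the address book, a node outside it never learns where a user's messages collect; the sequential suffix is what lets the returning user drain the buffer without a server keeping an index.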

Document Signing (FIG. 1—P19)

According to a related aspect of this invention, a by-product ofsecuring communications between nodes using asymmetric encryption is aspreviously stated, introducing a non-refutable link. This allows for notonly messages between nodes to be non-refutable but also for documentssigned in the same manner as messages to be non refutable. Todaysomebody can easily steal a user's password or purposely attack users asthey are not anonymous; this invention provides a great deal ofanonymity and backs this up with access to resources. Documents may besigned and passed as legally enforceable between parties as a contractin many countries.

Contract Conversations (FIG. 1—P20)

According to a related aspect of this invention, a conversation or topiccan be requested under various contracted conditions. The system mayhave a non disclosure agreement as an example and both parties digitallysign this agreement automatically on acceptance of a contractconversation. In this case a non disclosure conversation. This willpreferably speed up and protect commercial entities entering intoagreements or where merely investigating a relationship. Preferablyother conditions can be applied here such as preferably full disclosureconversations, Purchase order conversations, contract signingconversations etc. This is all carried out via a system preferablyhaving ready made enforceable contracts for automatic signing. Thesecontracts may preferably be country or legal domain specific and willrequire to be enforceable under the law of the countries where theconversation is happening. This will require the users to preferablyautomatically use a combination of geographic IP status and by selectingwhich is their home country and where are they are at that time locatedand having that conversation.

Preferably only the discussion thread is under this contract, allowingany party to halt the contract but not the contents of the thread whichis under contract.

Preferably there can also be a very clear intent statement for aconversation that both parties agree to. This statement will form thebasis of a contract in the event of any debate. The clearer the intentstatement is; the better for enforceability. These conversations arepotentially not enforceable but should lead to simplifying anyresolution required at a later date. Preferably this can be addedtogether with an actual contract conversation such as a non disclosureagreement to form a pack of contracts per conversation. Contractconversations will be clearly identified as such with copies of thecontracts easily viewable by both parties at any time, these contractswill preferably be data maps and be very small in terms of storage spacerequired.

ms_messenger (FIG. 1—PT6 and FIG. 19)

1. A non public ID preferably one which is used in some other autonomoussystem is used as a sign in mechanism and creates a Public ID key pair.

2. The user selects or creates their public ID by entering a name thatcan easily be remembered (such as a nickname) the network is checked fora data element existing with a hash of this and if not there, this nameis allowed. Otherwise the user is asked to choose again.

3. This ID called the MPID (maidsafe.net public ID) can be passed freelybetween friends or printed on business cards etc. as an email address istoday.

4. To initiate communications a user enters the nickname of the personhe is trying to communicate with along with perhaps a short statement(like a prearranged pin or other challenge). The receiver agrees orotherwise to this request, disagreeing means a negative score starts tobuild with initiator. This score may last for hours, days or even monthsdepending on regularity of refusals. A high score will accompany anycommunication request messages. Users may set a limit on how manyrefusals a user has prior to being automatically ignored.

5. All messages now transmitted are done so encrypted with the receivingparty's public key, making messages less refutable.

6. These messages may go through a proxy system or additional nodes tomask the location of each user.

7. This system also allows document signing (digital signatures) andinterestingly, contract conversations. This is where a contract issigned and shared between the users. Preferably this signed contract isequally available to all in a signed (non changeable manner) andretrievable by all. Therefore a distributed environment suits thismethod. These contracts may be NDAs Tenders, Purchase Orders etc.

8. This may in some cases require individuals to prove their identityand this can take many forms from dealing with drivers licenses toutility bills being signed off in person or by other electronic methodssuch as inputting passport numbers, driving license numbers etc.

9. If the recipient is on line then messages are sent straight to themfor decoding.

10. If the recipient is not on line, messages are require to be bufferedas required with email today.

11. Unlike today's email though, this is a distributed system with noservers to buffer to. In maidsafe.net messages are stored on the netencrypted with the receiver's public key. Buffer nodes may be knowntrusted nodes or not.

12. Messages will look like receivers id. message 1.message 2 or simplybe appended to the users MPID chunk, in both cases messages are signedby the sender. This allows messages to be buffered in cases where theuser is offline. When the user comes on line he will check his ID chunkand look for appended messages as above ID.messageI etc. which isMPID.<message 1 data>.<message 2 data> etc

This system allows the ability for automatic system messages to be sent,i.e . . . in the case of sharing the share, data maps can exist oneveryone's database and never be transmitted or stored in the open. Filelocks and changes to the maps can automatically be routed between usersusing the messenger system as described above. This is due to thedistributed nature of maidsafe.net and is a great, positivedifferentiator from other messenger systems. These system commands willbe strictly limited for security reasons and will initially be used tosend alerts from trusted nodes and updates to share information by othershares of a private file share (whether they are speaking with them ornot).

The best way within our current power to get rid of email spam is to getrid of email servers.

Anonymous Transactions (FIG. 1—P24)

According to a related aspect of this invention, the ability to transactin a global digital medium is made available with this invention. Thisis achieved by passing signed credits to sellers in return for goods.The credits are data chunks with a given worth preferably 1, 5, 10, 20,50, 100 etc. units (called cybers in this case). These cybers are adigital representation of a monetary value and can be purchased asdescribed below or earned for giving up machine resources such as diskspace of cpu time etc. There should be preferably many ways to earncybers.

A cyber is actually a digitally signed piece of data containing thevalue statement i.e. 10 cybers and preferably a serial number. During atransaction the seller's serial number database is checked for validityof the cyber alone. The record of the ID used to transact is preferablynot transmitted or recorded. This cyber will have been signed by theissuing authority as having a value. This value will have been provenand preferably initially will actually equate to a single currency forinstance linked to a Euro. This will preferably alter through time asthe system increases in capability.

Some sellers may request non anonymous transactions and if the useragrees he will then use the public ID creation process to authenticatethe transaction and may have to supply more data. However there may beother sellers who will sell anonymously. This has a dramatic effect onmarketing and demographic analysis etc. as some goods will sell anywhereand some will not. It is assumed this system allows privacy and freedomto purchase goods without being analysed.

The process of transacting the cybers will preferably involve a signingsystem such that two people in a transaction will actually pass thecyber from the buyer to the seller. This process will preferably alterthe signature on the cyber to the seller's signature. This new signatureis reported back to the issuing authority.

Interface with Non-Anonymous Systems (FIG. 1—P23)

According to a related aspect of this invention, people may purchasedigital cash or credits from any seller of the cash. The seller willpreferably create actual cash data chunks which are signed andserialised to prevent forgery. This is preferably accountable as withtoday's actual cash to prevent fraud and counterfeiting. Sellers willpreferably be registered centrally in some cases. The users can thenpurchase cybers for cash and store these in their database of files in asystem preferably such as maidsafe.net.

As a cyber is purchased it is preferably unusable and in fact simply areference number used to claim the cyber's monetary value by thepurchaser's system. This reference number will preferably be valid for aperiod of time. The purchaser then logs in to their system such asmaidsafe.net and inputs the reference number in a secure communicationsmedium as a cyber request. This request is analysed by the issuingauthority and the transaction process begins. Preferably the cyber issigned by the issuing authority that then preferably encrypts it withthe purchaser's public key and issues a signing request. The cyber isnot valid at this point. Only when a signed copy of the cyber isreceived by the issuing authority is the serial number made valid andthe cyber is live.

This cyber now belongs to the purchaser and validated by the issuer. Tocarry out a transaction this process is preferably carried out againi.e. the seller asks for payment and a cyber signed by the buyer ispresented—this is validated by checking with the issuer that the serialcode is valid and that the buyer is the actual owner of the cyber.Preferably the buyer issues a digitally signed transaction record to theissuing authority to state he is about to alter that cyber's owner. Thisis then passed to the seller who is requested to sign it. The sellerthen signs the cyber and requests the issuing authority to accept him asnew owner via a signed request. The authority then simply updates thecurrent owner of the cyber in their records.

These transactions are preferably anonymous, as users should be using aprivate id to accomplish this process. This private ID can be altered atany time but the old id should be saved to allow cyber transactions totake place with the old id.

Anonymity (FIG. 1—P25)

According to a related aspect of this invention, a system of votingwhich is non refutable and also anonymous is to be considered. This is arequirement to allow free speech and thinking to take place on a globalscale without recrimination and negative feedback as is often the case.

To partake in a vote the user will have to be authenticated as abovethen preferably be presented with the issue to be voted on. The userwill then use a private ID key to sign their vote anonymously.Preferably non anonymous irrefutable voting may also take place in thesystem by simply switching from a private ID to a public one. This willpreferably form the basis of a petition based system as an add-on to thevoting system.

The system will require that a block of data can be published(preferably broadcast to each user via messenger) and picked up by eachuser of the system and presented as a poll. This poll will then besigned by the user and sent back to the poll issuer whose system willcount the votes and preferably show a constant indication of the votesto date.

As there are public and private IDs available, then each vote willrequire preferably only ONE ID to be used to prevent double voting.Preferably geographic IP may be used to establish geographic analysis ofthe voting community particularly on local issues.

Voting System (FIG. 1—PT8 and FIG. 20)

1. A vote is created in a normal fashion; it could be a list of candidates or a list of choices that users have to select. Preferably this list will always have an “I do not have enough information” option appended to the bottom of the list—to ensure voters have sufficient knowledge to make a decision. A limit on the last option should be stipulated as a limit to void the vote and redo with more information.

2. This vote is stored on the system with the ID of the voting authority. This may be a chunk of data called with a specific name and digitally signed for authenticity. All storage nodes may be allowed to ensure certain authorities are allowed to store votes, and only store votes digitally signed with the correct ID.

3. A system broadcast may be used to let everyone interested know that there is a new vote to be retrieved. This is an optional step to reduce network congestion with constant checking for votes; other similar systems may be used for the same ends.

4. A non anonymous user logged into the net will pick up the vote. This is a user with a public ID known at least to the authority. The vote may in fact be a shared chunk that only certain IDs have access to or know of its location (i.e. split onto several component parts and a messaging system used to alert when votes are ready).

5. An anonymous user may be logged onto the net and may in fact use a random ID to pick up the vote.

6. The vote is retrieved.

7. The system will send back a signed (with the ID used to pick up the vote) “I accept the vote”.

8. The voting authority will transmit a ballot paper—i.e. a digitally signed (and perhaps encrypted/chunked) ballot paper. This may be a digitally signed “authorisation to vote” slip which may or may not be sequentially numbered or perhaps a batch of x number of the same serial numbers (to prevent fraud by multiple voting from one source—i.e. issue 5 same numbers randomly and only accept 5 votes with that number).

9. The user's machine decrypts this ballot paper.

10. The user's system creates a one time ID+key pair to vote. This public key can be hashed and stored on the net as with a MAID or PMID so as to allow checking of any signed or encrypted votes sent back.

11. The vote is sent back to the authority signed and preferably encrypted with the authority's public key.

12. In the case of anonymous or non anonymous voting this may be further masqueraded by passing the vote through proxy machines en route.

13. The vote is received and a receipt chunk put on the net. This is a chunk called with the user's temp (or voting) ID hash with the last bit shifted or otherwise knowingly mangled—so as not to collide with the voting ID bit the user stores for authentication of their public key.

14. The authority can then publish a list of who voted for what (i.e. a list of votes and the voting IDs).

15. The user's system checks the list for the ID that was used being present in the list and validates that the vote was cast properly.

If this is not the case:

16. The user's system issues an alert. This alert may take many forms and may include signing a vote alert packet; this can be a packet similarly (as in 13) altered to be a known form of the vote chunk itself. There are many forms of raising alerts including simply transmitting an electronic message through messenger or similar and possibly to a vote authentication party and not necessarily the voting authority themselves.

17. The user has all the information to show the party investigating voting authenticity, accuracy, legality or some other aspect, thereby allowing faults and deliberately introduced issues to be tracked down.

18. The user has the option to remove all traces of the vote from his system at this time.
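Steps 10 to 15 above, together with the one-ID-per-vote rule from the anonymity section, as an added example that is not code from the patent. It assumes Ed25519 one-time keys and SHA-256 for the voting ID hash; the encryption to the authority's public key in step 11 and the proxy hops of step 12 are left out, and the receipt and published list are held in memory rather than as chunks on the net.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Ballot is what the one-time voting identity returns in step 11: the
// choice, the one-time public key and a signature over the choice.
type Ballot struct {
	Choice    string
	VotingKey ed25519.PublicKey
	Sig       []byte
}

// VotingID is the hash of the one-time public key that the user stores on
// the net so the authority can check the signed vote (step 10).
func VotingID(pub ed25519.PublicKey) [32]byte {
	return sha256.Sum256(pub)
}

// ReceiptName is the receipt chunk name of step 13: the voting ID hash with
// its last bit flipped, so it cannot collide with the voting ID chunk.
func ReceiptName(votingID [32]byte) [32]byte {
	r := votingID
	r[31] ^= 0x01
	return r
}

// CastVote performs steps 10 and 11 on the user's machine: a fresh key pair
// is generated for this vote only and the choice is signed with it.
func CastVote(choice string) (Ballot, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Ballot{}, nil, err
	}
	sig := ed25519.Sign(priv, []byte(choice))
	return Ballot{Choice: choice, VotingKey: pub, Sig: sig}, priv, nil
}

// Authority is the voting authority's state: receipt chunks put on the net
// (step 13) and the published list of voting ID -> choice (step 14).
type Authority struct {
	Receipts  map[string]bool   // hex receipt chunk name -> present on the net
	Published map[string]string // hex voting ID -> choice
}

func NewAuthority() *Authority {
	return &Authority{Receipts: map[string]bool{}, Published: map[string]string{}}
}

// Receive verifies the ballot signature, enforces one vote per ID and then
// records both the receipt chunk and the published entry.
func (a *Authority) Receive(b Ballot) error {
	if len(b.VotingKey) != ed25519.PublicKeySize {
		return errors.New("malformed voting key")
	}
	if !ed25519.Verify(b.VotingKey, []byte(b.Choice), b.Sig) {
		return errors.New("ballot signature does not verify")
	}
	id := VotingID(b.VotingKey)
	idHex := hex.EncodeToString(id[:])
	if _, seen := a.Published[idHex]; seen {
		return errors.New("this voting ID has already voted")
	}
	a.Published[idHex] = b.Choice
	rc := ReceiptName(id)
	a.Receipts[hex.EncodeToString(rc[:])] = true
	return nil
}

// VerifyCast is step 15 on the user's machine: the ID used must be in the
// published list with the choice actually cast, and the receipt chunk must
// exist. A non-nil error is what triggers the alert of step 16.
func VerifyCast(a *Authority, pub ed25519.PublicKey, choice string) error {
	id := VotingID(pub)
	got, ok := a.Published[hex.EncodeToString(id[:])]
	if !ok {
		return errors.New("voting ID absent from published list")
	}
	if got != choice {
		return errors.New("published choice differs from the vote cast")
	}
	rc := ReceiptName(id)
	if !a.Receipts[hex.EncodeToString(rc[:])] {
		return errors.New("no receipt chunk for this voting ID")
	}
	return nil
}

func main() {
	authority := NewAuthority()
	ballot, _, _ := CastVote("option B") // constructed choice
	fmt.Println("received:", authority.Receive(ballot))
	fmt.Println("verified:", VerifyCast(authority, ballot.VotingKey, "option B"))
}
```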

Proven Individual (FIG. 1—P26)

According to a related aspect of this invention, using a system of anonymous authentication preferably as in maidsafe.net, the first stage is partially complete and individual accounts are authentic, but this does not answer the question of anonymous individuals; this is described here.

Access to a system can be made with information that we possess (passwords etc.) or something that we physically have (iris/fingerprint or other biometric test). To prove an individual's identity the system will preferably use a biometric test. This is a key to the voting system as it becomes more broadly adopted. It is inherent in this system that any personally identifying data must be kept secret, and also that any passwords or access control information is never transmitted.

When a user authenticates, the system can recognise if they have done so biometrically. In this case, the account is regarded as a unique individual rather than an individual account. This is possible as maidsafe.net can authenticate without accessing servers or database records of a biometric nature for example.

As a user logs into maidsafe.net through a biometric mechanism then the state of login is known so no login box is presented for typing information in to access the system. This allows the system to guarantee that the user has logged in biometrically. The system on each machine is always validated by maidsafe.net on login to ensure this process cannot be compromised.

Preferably some votes will exist only for biometrically authenticated users.

Distributed Controlled Voting (FIG. 1—P29)

According to a related aspect of this invention, to further manage the system there has to be a level of control as well as distribution to enable all users to access it at any time. The distribution of the votes is controlled as system messages and stored for users using the messenger system described earlier.

The main issue with a system such as this would be ‘what’ is voted on and ‘who’ poses the votes and words polls. This is key to the fairness and clarity of the system and process. This voting system will preferably always have a ‘not enough information’ selection to provide a route by which users are able to access information so that they are well informed before making any decision.

The system will require a group of individuals, who are preferably voted into office by the public as the policyholders/trustees of the voting system. This group will be known by their public ID and use their public ID to authenticate and publish a poll. This group will preferably be voted into office for a term and may be removed at any time via a consensus of the voting public. For this reason there will be continual polls on line which reflect how well the policyholders are doing as a group and preferably individually as well.

According to a related aspect of this invention, users of the system will input to the larger issues on the system. Macro management should be carried out via the policyholders of the system, who as mentioned previously may be voted in or out at any time; however larger issues should be left to the users. These issues can preferably be what licenses are used, costs of systems, dissemination of charitable contributions, provision to humanitarian and scientific projects of virtual computing resources on large scales etc.

To achieve this, preferably a system message will be sent out, where it is not presented as a message but as a vote. This should show up in the user's voting section of the system. User private IDs will be required to act on this vote and they can make their decision.

There will be appeals on these votes when it would be apparent that conclusion of the vote is dangerous to either a small community or the system as a whole. Users will have an option of continuing with the vote and potential damage but essentially the user will decide and that will be final. Preferably this system does not have a block vote or any other system which rates one individual over another at any time or provides an advantage in any other way. This requires no ability to allow veto on any decision or casting of votes by proxy so that the authenticated user's decision is seen as properly recorded and final.

According to a related aspect of this invention, a system of perpetual data, self encrypting files and data mapping will allow a global anonymous backup and restore system for data to exist. This system can be constructed from the previous discussions where data may be made perpetual on a network and anonymously shared to prevent duplication. This together with the ability to check, manipulate and maintain revision control over files adds the capability of a ‘time machine’ type environment where data may be time stamped on backup.

This allows a system to rebuild a user's data set as it was at any time in history since using maidsafe.net or similar technologies. This may form a defence at times where in cases like prior art enquiries, insider dealing etc. is being considered, as the system is secure and validated by many other nodes etc. It can therefore be shown what knowledge (at least from the point of view of owning the data pertaining to a subject) anyone had of certain circumstances.

According to a related aspect of this invention, preferably using aspect(s) previously defined or any that may improve this situation. Taking distributed authentication, backup and restore along with data map sharing, the system can add to this the ability for granular access controls. In this case a node entering the network will request an authenticator to authorise its access. In this case the authenticator will be a manager or equivalent in an organisation (whether matrix managed or traditional pyramid). This authorisation will tie the public ID of the authoriser to the system as having access to this node's data and any other authorisations they make (in an authorisation chain).

This allows an environment of distributed secure backup, restore and sharing in a corporate or otherwise private environment.

According to a related aspect of this invention, all of the capabilities described here with the exception of the above will ensure that a network of nodes can be created, in which users have security, privacy and freedom to operate.

These nodes will have refutable IDs (MAID, PMID etc.) as well as non refutable IDs (MPID) for different purposes, just as in human life in general there is time to be identified and times when it is just best not to be.

According to a related aspect of this invention, adding the ability of non refutable messaging allows users to not only communicate genuinely and securely but also the ability to communicate under contracted terms. This allows for the implementation of legally kept trade secrets (as implied with NDA agreements etc.) plus many more contracted communications. This will hopefully lessen the burden on legal issues such as litigation etc.

According to a related aspect of this invention, adding the ability to create two voting systems, anonymous and non-anonymous, allows the system to provide a mechanism for instant democracy. This is achieved by allowing a voting panel in a user's account that is constantly updated with issues regarding the system and its improvements initially. These votes will be anonymous.

In another anonymous voting scenario users may continually vote on certain subjects (as in a running poll); these subjects could be the leaders of boards etc.

In a non anonymous voting scenario it may be there are groups of identified people (via their MPID) who have a common grouping such as a charity or similar and they may require certain people to vote on certain matters and be recognised. This is where the MPID is used for voting.

According to a related aspect of this invention, adding to this the ability to collect and trade credits anonymously allows users to sell machine resources they are not using, trade on a network with a cash equivalent and go about their business on a network as they do in real life.

1. A distributed network system that allows one to access any computer via the system and have their own data and desktop represented to them as well as the ability to access digital resources without involving 3rd party access controls or dedicated servers, this system comprises of following steps: a. Perpetual data system: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Anonymous authentication system: which allows authentication access to a distributed system comprising of receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, the above combination provides a unique system with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
2. A distributed network product that allows one to access any computer via this product and have their own data and desktop represented to them as well as the ability to access digital resources without involving 3rd party access controls or dedicated servers, this system comprises of following steps: a. Perpetual data product: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, and comprises of synergistic steps of storage & retrieval, self-healing, security availability and peer ranking, b. Anonymous authentication product: which allows authentication access to a distributed system comprising of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, the above combination provides a unique product with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
3. The distributed network system of claim 1 which is coupled with self-encryption system that allows one to access any computer via this system and have their own data and desktop represented to them as well as the ability to secure digital resources without involving 3rd party access controls or dedicated servers, this system comprises of following steps: a. Perpetual data system: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption system: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis, c. Anonymous authentication system: which allows authentication access to a distributed system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, the above combination provides a unique system with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and securely store data without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
4. The distributed network product of claim 2 which is coupled with self-encryption product that allows one to access any computer via this product and have their own data and desktop represented to them as well as the ability to secure digital resources without involving 3rd party access controls or dedicated servers, this product comprises of following steps: a. Perpetual data product: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption product: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis, c. Anonymous authentication product: which allows authentication access to a distributed system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, the above combination provides a unique product with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and securely store data without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
5. The distributed network system of claim 1 which is coupled with data maps system that allows one to access any computer via this system and have their own data and desktop represented to them as well as the ability to secure digital resources without involving 3rd party access controls or dedicated servers, this system comprises of following steps: a. Perpetual data system: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption system: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis, c. Data maps system: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks, to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication system: which allows authentication access to a distributed system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, the above combination provides a unique system with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and securely store data without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
6. The distributed network product of claim 2 which is coupled with data maps product that allows one to access any computer via this product and have their own data and desktop represented to them as well as the ability to secure digital resources without involving 3rd party access controls or dedicated servers, this product comprises of following steps: a. Perpetual data product: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption product: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis, c. Data maps product: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks, to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication product: which allows authentication access to a distributed system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, the above combination provides a unique product with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and securely store data without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
7. The distributed network system of claim 1 which is coupled with shared access to private files system that allows one to access any computer via this system and have their own data and desktop represented to them as well as the ability to securely share digital resources without involving 3rd party access controls or dedicated servers, this system comprises of following steps: a. Perpetual data system: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption system: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis, c. Data maps system: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks, to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication system: which allows authentication access to a distributed system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, e. Shared access to private files system: to allow users to share concatenated data maps in a shared environment without requiring any additional physical resources such as servers, discs etc. by steps of, provision of public ID, encrypted communication and identifying data with very small file, the above combination provides a unique system with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and securely store data, share private files & secure data without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
8. The distributed network product of claim 2 which is coupled with shared access to private files product that allows one to access any computer via this product and have their own data and desktop represented to them as well as the ability to securely share digital resources without involving 3rd party access controls or dedicated servers, this product comprises of following steps: a. Perpetual data product: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption product: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis, c. Data maps product: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks, to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication product: which allows authentication access to a distributed system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, e. Shared access to private files product: to allow users to share concatenated data maps in a shared environment without requiring any additional physical resources such as servers, discs etc. by steps of, provision of public ID, encrypted communication and identifying data with very small file, the above combination provides a unique product with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and securely store data, share private files & secure data without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
9. The distributed network system of claim 1 which is coupled with ms messenger system that allows one to access any computer via this system and have their own data and desktop represented to them as well as the ability to communicate securely and share digital resources without involving 3rd party access controls or dedicated servers, this system comprises of following steps: a. Perpetual data system: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption system: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis, c. Data maps system: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks, to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication system: which allows authentication access to a distributed system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, e. Shared access to private files system: to allow users to share concatenated data maps in a shared environment without requiring any additional physical resources such as servers, discs etc. by steps of, provision of public ID, encrypted communication and identifying data with very small file, f. ms messenger system: to allow synchronisation of system and user messages in an irrefutable manner, by allowing messaging where identity is validated to prevent spam and further uses this identity to allow digitally validated document signing and accounts are created from a very good known source of personal account information which need not be a public account and can be a private account as in a maidsafe.net account and communications are via a digital contract which is digitally signed and the conversation is subject to the contract terms, the above combination provides a unique system with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and secure communications, store data & share resources, share private files & secure data without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
10. The distributed network product of claim 2 which is coupled with ms messenger product that allows one to access any computer via this product and have their own data and desktop represented to them as well as the ability to communicate securely and share digital resources without involving 3rd party access controls or dedicated servers, this product comprises of following steps: a. Perpetual data product: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption product: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis, c. Data maps product: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks, to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication product: which allows authentication access to a distributed system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, e. Shared access to private files product: to allow users to share concatenated data maps in a shared environment without requiring any additional physical resources such as servers, discs etc. by steps of, provision of public ID, encrypted communication and identifying data with very small file, f. ms messenger product: to allow synchronisation of system and user messages in an irrefutable manner, by allowing messaging where identity is validated to prevent spam and further uses this identity to allow digitally validated document signing and accounts are created from a very good known source of personal account information which need not be a public account and can be a private account as in a maidsafe.net account and communications are via a digital contract which is digitally signed and the conversation is subject to the contract terms, the above combination provides a unique product with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and secure communications, store data & share resources, share private files & secure data without using servers, anonymous authentication of users, with an assurity of a self healing, fault resistant, and duplicate removal network.
11. The distributed network system of claim 1 which is coupled with a cyber cash system that allows one to access any computer via this system and have their own data and desktop represented to them as well as the ability to communicate securely and share digital resources without involving 3rd party access controls or dedicated servers, this system comprising the following steps: a. Perpetual data system: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption system: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that the data holds the key to reversing the processes used and these are recorded for later use and aid security and duplicate removal on a network wide basis, c. Data maps system: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication system: which allows authentication access to a distributed system comprising the steps of: receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, e. Shared access to private files system: to allow users to share concatenated data maps in a shared environment without requiring any additional physical resources such as servers, discs etc. by steps of provision of public ID, encrypted communication and identifying data with a very small file, and comprising the synergistic steps of provision of public ID and encrypted communication, f. Cyber cash system: to allow the ability to digitally trade resources anonymously on a network, by provision of a system of credits within a global network, which can be passed or transacted anonymously with users having a valid identity that constantly changes but which may be re-validated at any stage, and allows purchasing of credits from sources that have a known and public ID and almost instantly transacting these to a private and ever changing private ID, assuring and protecting the identity of users, g. ms messenger system: to allow synchronisation of system and user messages in an irrefutable manner, by allowing messaging where identity is validated to prevent spam and further using this identity to allow digitally validated document signing, where accounts are created from a very well known source of personal account information which need not be a public account and can be a private account as in a maidsafe.net account, and communications are via a digital contract which is digitally signed and the conversation is subject to the contract terms; the above combination provides a unique system with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and secure communications, store data & share resources, share private files & secure data without using servers, anonymous authentication of users, and approval of transactions based on digital currency, with an assurance of a self healing, fault resistant, and duplicate removal network.
12. The distributed network product of claim 2 which is coupled with a cyber cash product that allows one to access any computer via this product and have their own data and desktop represented to them as well as the ability to communicate securely and share digital resources without involving 3rd party access controls or dedicated servers, this product comprising the following steps: a. Perpetual data product: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption product: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that the data holds the key to reversing the processes used and these are recorded for later use and aid security and duplicate removal on a network wide basis, c. Data maps product: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication product: which allows authentication access to a distributed system comprising the steps of: receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, e. Shared access to private files product: to allow users to share concatenated data maps in a shared environment without requiring any additional physical resources such as servers, discs etc. by steps of provision of public ID, encrypted communication and identifying data with a very small file, and comprising the synergistic steps of provision of public ID and encrypted communication, f. Cyber cash product: to allow the ability to digitally trade resources anonymously on a network, by provision of a system of credits within a global network, which can be passed or transacted anonymously with users having a valid identity that constantly changes but which may be re-validated at any stage, and allows purchasing of credits from sources that have a known and public ID and almost instantly transacting these to a private and ever changing private ID, assuring and protecting the identity of users, g. ms messenger product: to allow synchronisation of system and user messages in an irrefutable manner, by allowing messaging where identity is validated to prevent spam and further using this identity to allow digitally validated document signing, where accounts are created from a very well known source of personal account information which need not be a public account and can be a private account as in a maidsafe.net account, and communications are via a digital contract which is digitally signed and the conversation is subject to the contract terms; the above combination provides a unique product with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and secure communications, store data & share resources, share private files & secure data without using servers, anonymous authentication of users, and approval of transactions based on digital currency, with an assurance of a self healing, fault resistant, and duplicate removal network.
13. The distributed network system of claim 1 which is coupled with a worldwide voting system that allows one to access any computer via this system and have their own data and desktop represented to them as well as the ability to communicate securely and share digital resources without involving 3rd party access controls or dedicated servers, this system comprising a combination of the following steps: a. Perpetual data system: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption system: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that the data holds the key to reversing the processes used and these are recorded for later use and aid security and duplicate removal on a network wide basis, c. Data maps system: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication system: which allows authentication access to a distributed system comprising the steps of: receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, e. Shared access to private files system: to allow users to share concatenated data maps in a shared environment without requiring any additional physical resources such as servers, discs etc. by steps of provision of public ID, encrypted communication and identifying data with a very small file, f. Cyber cash system: to allow the ability to digitally trade resources anonymously on a network, by provision of a system of credits within a global network, which can be passed or transacted anonymously with users having a valid identity that constantly changes but which may be re-validated at any stage, and allows purchasing of credits from sources that have a known and public ID and almost instantly transacting these to a private and ever changing private ID, assuring and protecting the identity of users, g. ms messenger system: to allow synchronisation of system and user messages in an irrefutable manner, by allowing messaging where identity is validated to prevent spam and further using this identity to allow digitally validated document signing, where accounts are created from a very well known source of personal account information which need not be a public account and can be a private account as in a maidsafe.net account, and communications are via a digital contract which is digitally signed and the conversation is subject to the contract terms, h. World-wide voting system: provides a system of authentication of unique people or accounts in a network by allowing a system of displaying or otherwise making available the ability to be presented with options or choices from which a user or account owner can choose their favoured option, and by the ability to receive votes using anonymous IDs or to demand that certain aspects are met such as proven individual, geographic location or other parameters; the above combination provides a unique system with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and secure communications, store data & share resources, share private files & secure data without using servers, anonymous authentication of users, approval of transactions based on digital currency, and CPU sharing via an anonymous voting system, with an assurance of a self healing, fault resistant, and duplicate removal network.
14. The distributed network product of claim 2 which is coupled with a worldwide voting product that allows one to access any computer via this product and have their own data and desktop represented to them as well as the ability to communicate securely and share digital resources without involving 3rd party access controls or dedicated servers, this product comprising the following steps: a. Perpetual data product: to ensure there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy, b. Self encryption product: which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that the data holds the key to reversing the processes used and these are recorded for later use and aid security and duplicate removal on a network wide basis, c. Data maps product: which allows creation of a database or ‘map’ of associated file chunks and their identifiers and provides a mechanism that allows data that has preferably been split into chunks to be stored, managed and accessed in a way that guarantees its convenient and secure availability to its owner(s), d. Anonymous authentication product: which allows authentication access to a distributed system comprising the steps of: receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication, e. Shared access to private files product: to allow users to share concatenated data maps in a shared environment without requiring any additional physical resources such as servers, discs etc. by steps of provision of public ID, encrypted communication and identifying data with a very small file, f. Cyber cash product: to allow the ability to digitally trade resources anonymously on a network, by provision of a system of credits within a global network, which can be passed or transacted anonymously with users having a valid identity that constantly changes but which may be re-validated at any stage, and allows purchasing of credits from sources that have a known and public ID and almost instantly transacting these to a private and ever changing private ID, assuring and protecting the identity of users, g. ms messenger product: to allow synchronisation of system and user messages in an irrefutable manner, by allowing messaging where identity is validated to prevent spam and further using this identity to allow digitally validated document signing, where accounts are created from a very well known source of personal account information which need not be a public account and can be a private account as in a maidsafe.net account, and communications are via a digital contract which is digitally signed and the conversation is subject to the contract terms, h. World-wide voting product: provides a system of authentication of unique people or accounts in a network by allowing a system of displaying or otherwise making available the ability to be presented with options or choices from which a user or account owner can choose their favoured option, and by the ability to receive votes using anonymous IDs or to demand that certain aspects are met such as proven individual, geographic location or other parameters; the above combination provides a unique product with cumulative and synergistic benefits to allow people to effectively control access to their own digital resources and secure communications, store data & share resources, share private files & secure data without using servers, anonymous authentication of users, approval of transactions based on digital currency, and CPU sharing via an anonymous voting system, with an assurance of a self healing, fault resistant, and duplicate removal network.
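Steps b and c of claims 10 to 14 (self encryption and data maps) are illustrated by the following toy Python code, added here as an example; it is not taken from the patent or from MaidSafe's implementation. It assumes a SHA-256 counter keystream in place of a real block cipher, omits the byte/bit swapping step and uses a constructed 1024-byte chunk size; each chunk's key is seeded from the plaintext chunk's own hash and the chunk is renamed to the hash of its encrypted form, so identical content stored by different users yields the same chunk identifiers and the store keeps only one copy.

```python
import hashlib
import zlib

CHUNK_SIZE = 1024  # constructed chunk size for this example


def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; stands in for a real cipher (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def self_encrypt(data: bytes, chunk_size: int = CHUNK_SIZE):
    """Return (data_map, store): the small map needed to reverse the process,
    and the renamed encrypted chunks keyed by their network identifiers.

    Each chunk key is seeded by the chunk's own content hash, so the data
    holds its own key, and the same content always produces the same chunk
    id, which is what makes network-wide duplicate removal possible."""
    data_map, store = [], {}
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        pre_hash = hashlib.sha256(chunk).digest()          # element derived from the data
        key = hashlib.sha256(b"chunk-key" + pre_hash).digest()
        compressed = zlib.compress(chunk)
        encrypted = _xor(compressed, _keystream(key, len(compressed)))
        chunk_id = hashlib.sha256(encrypted).hexdigest()   # chunk "renamed" to its hash
        data_map.append({"id": chunk_id, "pre_hash": pre_hash.hex()})
        store[chunk_id] = encrypted
    return data_map, store


def self_decrypt(data_map: list, store: dict) -> bytes:
    """Reverse the process using only the data map; rejects corrupted chunks."""
    out = bytearray()
    for entry in data_map:
        key = hashlib.sha256(b"chunk-key" + bytes.fromhex(entry["pre_hash"])).digest()
        encrypted = store[entry["id"]]
        if hashlib.sha256(encrypted).hexdigest() != entry["id"]:
            raise ValueError("stored chunk does not match its identifier")
        chunk = zlib.decompress(_xor(encrypted, _keystream(key, len(encrypted))))
        if hashlib.sha256(chunk).hexdigest() != entry["pre_hash"]:
            raise ValueError("decrypted chunk fails integrity check")
        out += chunk
    return bytes(out)


def unique_chunks_for(*files: bytes) -> int:
    """Count distinct stored chunks across several files (duplicate removal)."""
    combined = {}
    for f in files:
        combined.update(self_encrypt(f)[1])
    return len(combined)
```

Only the data map (chunk ids plus pre-hashes) has to stay private to the owner; the stored chunks themselves reveal nothing without it, and the identifier check before decryption is what lets a replicating node detect a corrupted copy.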
15. The method of claim 1 for allowing users to securely store data and share resources across a distributed network by utilising anonymously shared computer resources.
16. The method of claim 1 for allowing users to store data and share resources across a distributed network by utilising anonymously shared computer resources.
17. The method of claim 1 to allow secure communications between users by utilising public IDs linked to anonymous IDs to authenticate users as well as allowing contract signed conversations.
18. The method of claim 1 to allow sharing and allocation of resources globally by utilising effort based testing and anonymously authenticated users in a global distributed network.
19. The method of claim 1 specifically to back up and restore data anonymously in a distributed network with guarantees on integrity and recovery times.
20. The method of claim 1 to share private and secured data without the use of file servers or any controlling body or centralised resource.
21. The method of claim 1 to approve the exchange of resources and other transactions based on a digital currency which utilises links with non anonymous payment systems.
22. The method of claim 1 to allow data to be described, decoded and identified using very small data map files.
23. The method of claim 1 to allow anonymous authentication of users on a network without requiring servers.
24. The method of claim 1 to allow sharing of CPU power globally and to contribute to systems based on users' input from a worldwide secure and anonymous voting system.
25. The method of claim 1 where a person's computer operating system and related computer programs may be held on a removable disk (such as a USB stick, optionally with biometric recognition to evade key loggers) and used to boot any compatible computer with a known virus/trojan free system to access their data remotely and securely without worrying about the integrity of the host machine they are using.
26. A distributed network computer program product for granular accessibility to data in a distributed network or corporate network that allows one to access any computer via the product and have their own data and desktop represented to them as well as the ability to access digital resources without involving third party access controls or dedicated servers, the product comprising: a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit; a perpetual data system, wherein the perpetual data system ensures there are several copies of each piece of data at several geographic locations generated by algorithms which monitor each other and create further copies on any type of failure or corruption of a single copy; an anonymous authentication system, wherein the anonymous authentication system allows authentication access to a distributed system comprising the steps of: receiving a user identifier, retrieving an encrypted validation record identified by the user identifier, decrypting the encrypted validation record so as to provide decrypted information, and authenticating access to data in the distributed file system using the decrypted information to provide anonymous authentication; and an n+p key sharing system, wherein the n+p sharing system allows users to log in with a created base ID, the ID is validated from a supervising node, a manager, users are provided with a further key (Manager's key) to allow access by the manager, and the corporate structure decided upon can be viewed as a tree and accessed as such to provide access to all users' data beneath or, in some cases, equivalent to the current user level; wherein the computer program product provides cumulative and synergistic benefits to allow people to effectively control access to their own digital resources without using servers, and anonymous authentication of users, with an assurance of a self healing, fault resistant, and duplicate removal network and corporate tree network.
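Step d of the claims above and the anonymous authentication system of claim 26 follow one sequence: receive a user identifier, retrieve the encrypted validation record stored under it, decrypt it, and authenticate using the decrypted information. The Python below is an added example, not the patent's or MaidSafe's code; it assumes the identifier is a hash of a username and PIN, PBKDF2 with a constructed iteration count plus an HMAC tag to protect the record, and a plain dict standing in for the network's key/value store, so the network only ever sees an opaque identifier and ciphertext.

```python
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 50_000   # constructed value for the example
SALT_LEN, TAG_LEN = 16, 32


def user_identifier(username: str, pin: str) -> str:
    """The only value the network receives: a hash of username and PIN
    (assumed construction), which reveals neither input."""
    return hashlib.sha256(f"{username}:{pin}".encode()).hexdigest()


def _record_keys(password: str, salt: bytes, length: int):
    """Derive a one-time pad for the record and a separate MAC key from the password."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   KDF_ITERATIONS, dklen=length + TAG_LEN)
    return material[:length], material[length:]


def create_account(network: dict, username: str, pin: str, password: str,
                   validation: dict) -> str:
    """Client side: encrypt the validation record (for example the ids of the
    user's data maps) and store it under the anonymous identifier."""
    plaintext = json.dumps(validation).encode()
    salt = os.urandom(SALT_LEN)            # fresh salt so the pad is never reused
    pad, mac_key = _record_keys(password, salt, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, pad))
    tag = hmac.new(mac_key, salt + ciphertext, "sha256").digest()
    uid = user_identifier(username, pin)
    network[uid] = salt + ciphertext + tag
    return uid


def authenticate(network: dict, username: str, pin: str, password: str):
    """The steps of claim step d. Returns the decrypted validation information
    on success, or None without revealing whether the identifier, the
    password or the record's integrity was at fault."""
    record = network.get(user_identifier(username, pin))   # receive id, retrieve record
    if record is None or len(record) < SALT_LEN + TAG_LEN:
        return None
    salt = record[:SALT_LEN]
    ciphertext, tag = record[SALT_LEN:-TAG_LEN], record[-TAG_LEN:]
    pad, mac_key = _record_keys(password, salt, len(ciphertext))
    expected = hmac.new(mac_key, salt + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):  # authenticate before trusting plaintext
        return None
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, pad))   # decrypt
    return json.loads(plaintext)
```

Because the record is verified with a key derived from the password, a wrong password, an unknown identifier and a tampered record all look the same to the caller, and the storing node learns nothing about who owns the record.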